Spikes

HTTPS

How does HTTPS keep websites secure?

Questions to consider

  1. How is HTTPS different from HTTP?

  2. How does TLS encryption work?

Useful resources

Stateless vs stateful authentication

What's the difference between stateless and stateful authentication?

Questions to consider

  1. What is session-based (stateful) authentication? What is token-based (stateless) authentication?

  2. What are the advantages and disadvantages of each?

Useful resources

Browser storage

What different methods can we use to store information in the browser?

Questions to consider

  1. What's the difference between local storage, session storage and cookies?

  2. What types of things would you store in each?

  3. Where can we see what a web page has stored in our browser?

Useful resources

Attacks

How might our websites be vulnerable to hacking?

Questions to consider

  1. What are the following types of attack?

    • Cross-Site Scripting (XSS)

    • Cross-Site Request Forgery (CSRF)

  2. How can you defend against each of them?

Useful resources
