- Make sure you can run the Snippets API locally
- Make sure your Postman collection for Snippets API is up to date and you can use it in session.
- Refresh your knowledge of the materials from Intro to Web architecture, especially the requests and HTTPS section
- Read a short introduction to password hashing and salting
- Read a high-level overview of JWT (JSON Web Tokens) and try the JWT debugger
- Read about security problems with self-created tokens that could lead to Token Forgery
- Read a brief introduction to cookies and sessions
- Read a short overview on the difference between authentication and authorisation.
For more research, you can explore the following resources:
- Great additional read about Authentication vulnerabilities
- Great tool to extend your developer toolbox - CyberChef
- OWASP cheatsheets on authentication and session management (for a deeper security perspective).
- A more in-depth article or video about JWT best practices (token lifetimes, refresh tokens, common pitfalls) - JWT Attacks
- Incredible resource to learn security and encryption concepts Cryptohack