Product Security

  1. Technical Security Foundations
    1. Applied Cryptography
      1. Symmetric Encryption
        1. Symmetric Algorithms
          1. AES Implementation
          2. DES and 3DES
          3. Block Cipher Modes
        2. Key Management
          1. Key Generation
          2. Key Distribution
          3. Key Storage
          4. Key Rotation
      2. Asymmetric Encryption
        1. Asymmetric Algorithms
          1. RSA Implementation
          2. Elliptic Curve Cryptography
          3. Key Exchange Protocols
        2. Public Key Operations
          1. Encryption and Decryption
          2. Key Pair Generation
          3. Key Size Considerations
      3. Cryptographic Hashing
        1. Hash Functions
          1. SHA Family
          2. Hash Function Properties
          3. Hash Collision Resistance
        2. Hash Applications
          1. Data Integrity Verification
          2. Password Hashing
          3. Digital Signatures
      4. Digital Signatures and Certificates
        1. Digital Signature Process
        2. Certificate Authorities
        3. Certificate Validation
        4. Certificate Revocation
      5. Public Key Infrastructure
        1. PKI Components
        2. Certificate Lifecycle
        3. Trust Models
        4. Revocation Mechanisms
      6. Transport Layer Security
        1. TLS Protocol Overview
        2. TLS Handshake Process
        3. Certificate Validation
        4. Cipher Suite Selection
    2. Authentication Systems
      1. Multi-Factor Authentication
        1. Authentication Factors
          1. Something You Know
          2. Something You Have
          3. Something You Are
        2. MFA Implementation
          1. MFA Bypass Prevention
      2. Single Sign-On
        1. SSO Protocols
          1. SAML Implementation
          2. OAuth 2.0
          3. OpenID Connect
        2. SSO Security Considerations
      3. Token-Based Authentication
        1. JSON Web Tokens
          1. JWT Structure
          2. JWT Validation
          3. JWT Security Considerations
        2. OAuth Token Management
          1. Token Lifecycle Management
    3. Authorization and Access Control
      1. Role-Based Access Control
        1. Role Definition
        2. Role Assignment
        3. Role Hierarchy
        4. RBAC Implementation
      2. Attribute-Based Access Control
        1. Policy Definition
        2. Attribute Management
        3. ABAC Implementation
        4. Dynamic Authorization
      3. Access Control Lists
        1. ACL Structure
        2. Permission Management
        3. Inheritance Rules
        4. ACL Maintenance