GRACIAS #java ☕️!!! #java #javadeveloper #java #programming #coding #programmer #developer #coder #software #code @JavaOne @java_gdl @JavaUsers @springframework @QuarkusIO @CaceresJava @javadevelopers @BolivianJUG @CLOJUG @Oraclejavamag @springboot

AROUG te invita a participar del Evento DevConverge LATAM el sábado 11 de abril en Buenos Aires. Cupos Limitados. Regístrate Ya ! aroug.org/ords/r/aroug/aroug… #oracle @oracleace @oracle

13 Complete YouTube Courses for Programming: 1. Python youtu.be/xAcTmDO6NTI?si=zfTo… 2. SQL youtu.be/a-hFbr-4VQQ?si=s1Ix… 3. JavaScript youtu.be/t8QXF85YovE?si=Ijop… 4. Java youtu.be/bm0OyhwFDuY?si=rnhL… 5. C youtu.be/FpfHmAkRVK4?si=Px0t… 6. Rust youtu.be/R33h77nrMqc?si=u82y… 7. Golang youtu.be/etSN4X_fCnM?si=OAdm… 8. C# youtu.be/0QUgvfuKvWU?si=wL1j… 9. Kotlin youtu.be/TEXaoSC_8lQ?si=NRLw… 10. Swift youtu.be/CwA1VWP0Ldw?si=0JfW… 11. PHP youtu.be/sVbEyFZKgqk?si=XAnY… 12. C youtu.be/SC8uWXmDJs4?si=IHPV… 13. DSA youtu.be/0bHoB32fuj0?si=Znkj…

𝐉𝐖𝐓 (JSON Web Tokens) ◾ JSON Web Token (JWT) => open standard (RFC 7519) for securely transmitting information between parties as a JSON object. ◾ a compact and self-contained way to represent a set of claims securely between two parties. 📌 𝐒𝐭𝐫𝐮𝐜𝐭𝐮𝐫𝐞 𝐨𝐟 𝐚 𝐉𝐖𝐓 A JWT consists of three parts => separated by dots (.) [1.] 𝐇𝐞𝐚𝐝𝐞𝐫 ◾ Specifies the algorithm used to sign the token (e.g., HS256, RS256) and the type of the token, which is always JWT. [2.] 𝐏𝐚𝐲𝐥𝐨𝐚𝐝 (Claims) ◾ Contains the claims (statements) about an entity (typically, the user) and additional data. There are three types of claims - ◾ Registered claims (standardized): iss (issuer), exp (expiration time), sub (subject), aud (audience) etc. ◾ Public claims (customizable by your application). ◾ Private claims (application-specific agreements). [3.] 𝐒𝐢𝐠𝐧𝐚𝐭𝐮𝐫𝐞 ◾ Created by taking - a. the encoded header b. the encoded payload c. a secret d. signing it with the algorithm specified in the header ◾ Used to verify the token's authenticity and integrity. 📌 𝐁𝐞𝐧𝐞𝐟𝐢𝐭𝐬 𝐨𝐟 𝐔𝐬𝐢𝐧𝐠 𝐉𝐖𝐓𝐬 ◾ Auth ◾ Statelessness => server doesn't need to store session information. ◾ Security =>can be signed using various algorithms ◾ Decentralization => ideal for single sign-on (SSO). 📌 𝐉𝐖𝐓 𝐁𝐞𝐬𝐭 𝐏𝐫𝐚𝐜𝐭𝐢𝐜𝐞𝐬 JWTs are a tool, not a complete security solution. Their security hinges on proper implementation and usage. 👍 [1.] Algorithm Selection ◾ Prioritize Asymmetry - Use RS256 (RSA) or ES256 (Elliptic Curve) for stronger security. ◾ Avoid HS256 - HMAC-based signing (HS256) requires careful key management. ◾ Never Use 'none' - This disables signing, rendering JWTs completely insecure. [2.] Key Management ◾ Generate robust, cryptographically secure keys (256-bit or higher). ◾ Regularly rotate keys. [3.] Secure Storage ◾ Store keys securely, never in source code or version control. [4.] Claim Usage ◾ Avoid storing sensitive or personally identifiable information (PII) directly in JWT claims. ◾ Utilize standard claims (iss, exp, aud, sub) consistently. ◾ For sensitive data, encrypt the JWT payload. [5.] Token Handling ◾ Transmit JWTs exclusively over HTTPS to prevent interception. ◾ Store JWTs in HttpOnly cookies to protect against cross-site scripting (XSS) attacks. ◾ Set short expiration times and consider refresh tokens for longer sessions. ◾ Implement mechanisms for revoking compromised tokens =>blacklists, short-lived tokens. [6.] Validation and Verification ◾ ALWAYS verify the JWT signature using the appropriate algorithm and key before processing the claims. ◾ Check all relevant claims (exp, iss, aud) for validity and relevance to your application. => Implement rate limiting to protect against brute-force attacks. =>Use security-focused HTTP headers to enhance protection. -------------- 👍 Follow -@techNmak

¡VIVO 💥#Java Dev Converge LATAM -SPRINT ONLINE 3 de 4 💥! No olvides asistir hoy. lnkd.in/dBQGefeW

💥Seguimos hosteando el #JavaDevConverge LATAM 2/4💥 Luego del éxito del primer encuentro, la comunidad de desarrolladores #Java continúa compartiendo todas su experiencias ¡Sumate! @MauriDeveloper 🌟 Link Evento: lnkd.in/dgBWaRPV

💥Interbanking hostea el Java DevConverge LATAM💥      Sumate a la transformación digital junto a los grandes expertos en tecnología de la comunidad de desarrolladores #Java Para más info o inscribirte, ingresá acá 👉🏻 linkedin.com/posts/interbank… @MauriDeveloper