# Preparation

## Snippets API

1. Make sure you can run the **Snippets API** locally.
2. Make sure your Postman collection for the **Snippets API** is up to date and you can use it in the session.

## Memory refresh

* Refresh your memory of the materials from [Intro to Web architecture](https://program.hackyourfuture.dk/course-content/foundation/intro-to-web-architecture/preparation), especially the [requests and HTTPS section](https://www.freecodecamp.org/news/http-and-everything-you-need-to-know-about-it)

## Session pre-read

* Read a short introduction to [password hashing and salting](https://auth0.com/blog/adding-salt-to-hashing-a-better-way-to-store-passwords/)
* Read a high-level overview of [JWT (JSON Web Tokens)](https://auth0.com/docs/secure/tokens/json-web-tokens) and look at the [JWT debugger](https://www.jwt.io/)
* Read about security problems with self-created tokens that could lead to [Token Forgery](https://entro.security/glossary/token-forging/)
* Read a brief introduction to [cookies and sessions](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cookies)
* Read a short overview on the [difference between **authentication and authorisation**](https://www.geeksforgeeks.org/computer-networks/difference-between-authentication-and-authorization/).

## Optional Resources

For more research, you can explore the following resources:

* Great additional read about [Authentication vulnerabilities](https://portswigger.net/web-security/authentication)
* Great tool to extend your developer toolbox - [CyberChef](https://gchq.github.io/CyberChef/)
* OWASP [cheatsheets](https://cheatsheetseries.owasp.org/index.html) on authentication and session management (for a deeper security perspective).
* A more in-depth article or video about JWT best practices (token lifetimes, refresh tokens, common pitfalls): [JWT Attacks](https://portswigger.net/web-security/jwt)
* Incredible resource to learn security and encryption concepts - [Cryptohack](https://cryptohack.org/)
