Goal

The path to "セキュア・バイ・デザイン"

Here is the reading path leading up to this book, derived from its dependencies and ordered from the fundamentals.

The path so far (3 books)

暗号技術入門第3版
Why read this first: Only with a foundation in signatures and public-key cryptography can you correctly understand token-based authorization. OAuth 2.0 is the de facto standard for delegating privileges; learn its grant types and flows from first principles.
Sources
- RFC 6749: The OAuth 2.0 Authorization Framework - IETF
OAuth徹底入門
Why read this first: OAuth 2.0 is fundamentally an authorization protocol, and misusing it for pseudo-authentication breeds vulnerabilities. Advancing to OIDC, which standardizes identity verification, clarifies how to build correct authentication, including ID token validation.
Sources
- How OpenID Connect Works - OpenID Foundation
OpenID Connect入門
Why read this first: Once you can implement authentication and authorization as a system, lift your perspective a level. Secure by Design goes beyond reactive input validation and escaping, offering a way to build structures where invalid data cannot enter at the design stage.
Sources
- OWASP Proactive Controls - OWASP Foundation