The Owens Vibe Coding & Development Institute

Auth, Identity & Security

Lock it down like real people depend on it.

Authentication vs authorization, password hashing, sessions and JWTs, OAuth, role-based access, the full OWASP Top 10, secrets, threat modeling, and running a real audit. The difference between 'it works' and 'it's safe.'

For: Builders handling real users and real data.

Outcome: Threat-model, harden, and audit an app like a security engineer.

Lessons

  1. Authentication vs Authorization

    Who you are vs what you're allowed to do — and why confusing them causes breaches.

  2. Passwords Done Right

    Hashing, salting, bcrypt/argon2 — never, ever store a password as plain text.

  3. Sessions vs Tokens (JWT)

    How login persists: sessions vs JWTs, and the trade-offs that actually matter.

  4. OAuth & Social Login

    'Sign in with Google' demystified: delegated auth with OAuth, done safely.

  5. Role-Based Access Control

    Roles and permissions: enforce who can do what — on the backend, always.

  6. The OWASP Top 10, Part 1

    Injection, broken auth, and XSS — the first half of the hacks that actually happen.

  7. The OWASP Top 10, Part 2

    IDOR, SSRF, misconfiguration, and the rest of the OWASP Top 10 for builders.

  8. Secrets Management

    Env vars, vaults, rotation — keep keys out of your code and your Git history.

  9. Securing File Uploads

    The most dangerous feature: accept files without handing attackers the keys.

  10. HTTPS, Encryption & Data Protection

    Protect data in transit and at rest — HTTPS, TLS, and encryption basics.

  11. Threat Modeling

    Think like an attacker about YOUR app: find the doors before they do.

  12. Running a Real Security Audit

    Run a real, structured security audit on your own code, start to finish.

  13. Capstone: Full Security Audit & Hardening

    Full security audit and hardening of an app: threat model, fixes, before/after.

Lock it down — automatically

Run the HYVE Audit before you ship

You're learning to audit your own code — the HYVE Audit does it automatically. An in-browser security scan that finds the holes before launch. Critical findings are free; the full severity-ranked report is $55, and your source code never leaves your machine.

HYVE Audit by Vibe Software Solutions · “Find security holes before launch.”

🏛️ Build It Right, Or Don't Build It At All.