Description
In this course, you will learn:
- What a JWT is, how to create one, and what benefits it provides in token-based authentication.
- Why HTTPS was introduced and how it revolutionised data transfer by utilising techniques such as encryption and the handshake.
- About the most popular authentication and authorization frameworks, OAuth and OpenID Connect.
- What web API security is all about, laying the groundwork for you to continue your education in application security.
Syllabus:
1. Getting started with Web Application Security
- Introduction
- Cross-site Scripting Attack (XSS)
- Cross-site Request Forgery (CSRF)
- Denial-of-Service Attack
2. HTTPS Basics
- What is Encryption?
- Understanding SSL certificates
- What is HTTPS, and How Does it Work?
- What are Cookies?
3. JSON Web Token
- Session-based Authentication
- Token Based Authentication
- JWT - JSON Web Token
- JWT Validation
- Stolen JWTs
- Cryptographic Key Management
- Hacking JSON Web Tokens
4. OAuth
- OAuth Introduction
- OAuth Terminologies
- Authorization Code Grant Type
- Implicit Grant Type
- Client Credentials Grant Type
- Resource Owner Credentials Grant
- Refresh Token Grant
5. OpenID Connect
- OpenID Connect Introduction
- OpenID Connect Terminologies
- Authorization Code Flow for Authentication
- Implicit Code Flow for Authentication
- Hybrid Code Flow for Authentication