Posts

Showing posts from October, 2018

OAuth 2.0 framework

OAuth Authorization Server and an OAuth Resource Server. What is OAuth? OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites without giving them their passwords. OAuth 2.0 is not backwards compatible with OAuth 1.0. OAuth 2.0 provides specific authorization flows for web applications, desktop applications, mobile phones, and smart devices. The specification and associated RFCs are developed by the IETF OAuth WG; the main framework (RFC 6749) was published in October 2012. There are four roles in OAuth 2.0: Client, Resource Owner (the user), Resource Server, and Authorization Server. The OAuth 2.0 framework specifies several grant types for different use cases, as well as a framework for creating new grant types. Authorization Code grant type - the Authorization Code grant type is used by confidential and public clients to exchange an author...
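
The excerpt above lists the four roles and begins with the Authorization Code grant. The following is an added example, written for this page and not code from the post, that plays the grant end to end with all four roles in one process: the client sends the resource owner to the authorization endpoint with a `state` value, receives a short-lived single-use code on its registered redirect URI, redeems it at the token endpoint with its client secret, and presents the resulting bearer token to the resource server. The client id `photo-app`, the redirect URI `https://photo.example/cb`, the `profile` scope and the user `user-A` are constructed. One simplification is an assumption: the resource server validates tokens by looking them up directly in the authorization server's store, where a deployment would validate a self-contained token or call a token introspection endpoint.

```python
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class Client:
    """A registered OAuth client: the application acting on the resource owner's behalf."""
    client_id: str
    client_secret: str
    redirect_uri: str


class AuthorizationServer:
    """Issues authorization codes and exchanges them for access tokens."""

    def __init__(self, code_ttl=60, token_ttl=3600):
        self.clients, self.codes, self.tokens = {}, {}, {}
        self.code_ttl, self.token_ttl = code_ttl, token_ttl

    def register(self, client):
        self.clients[client.client_id] = client

    def authorize(self, client_id, redirect_uri, scope, state, resource_owner):
        """Authorization endpoint, after the resource owner has logged in and consented.
        Returns the query parameters that would be appended to the redirect back to the client."""
        client = self.clients.get(client_id)
        if client is None or redirect_uri != client.redirect_uri:
            raise ValueError("unknown client or redirect_uri mismatch")  # never redirect to an unregistered URI
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri, "scope": scope,
                            "user": resource_owner, "expires": time.time() + self.code_ttl}
        return {"code": code, "state": state}

    def token(self, grant_type, code, redirect_uri, client_id, client_secret):
        """Token endpoint: the confidential client authenticates and redeems its code."""
        client = self.clients.get(client_id)
        if client is None or not hmac.compare_digest(client.client_secret.encode(), client_secret.encode()):
            return {"error": "invalid_client"}
        if grant_type != "authorization_code":
            return {"error": "unsupported_grant_type"}
        record = self.codes.pop(code, None)  # single use: a replayed code is already gone
        if (record is None or record["client_id"] != client_id
                or record["redirect_uri"] != redirect_uri or record["expires"] < time.time()):
            return {"error": "invalid_grant"}
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = {"user": record["user"], "scope": record["scope"],
                                     "expires": time.time() + self.token_ttl}
        return {"access_token": access_token, "token_type": "Bearer",
                "expires_in": self.token_ttl, "scope": record["scope"]}

    def lookup(self, access_token):
        info = self.tokens.get(access_token)
        return None if info is None or info["expires"] < time.time() else info


class ResourceServer:
    """Serves the protected resource to valid bearer tokens carrying the required scope."""

    def __init__(self, auth_server):
        self.auth = auth_server  # assumption: direct access to the token store (see lead-in)

    def get_profile(self, authorization_header):
        if not authorization_header.startswith("Bearer "):
            return 401, {"error": "missing bearer token"}
        info = self.auth.lookup(authorization_header[len("Bearer "):])
        if info is None:
            return 401, {"error": "invalid_token"}
        if "profile" not in info["scope"].split():
            return 403, {"error": "insufficient_scope"}
        return 200, {"user": info["user"]}


def run_flow():
    """Walk the authorization code grant end to end and report the outcome of each check."""
    auth = AuthorizationServer()
    client = Client("photo-app", secrets.token_urlsafe(16), "https://photo.example/cb")  # constructed
    auth.register(client)
    rs = ResourceServer(auth)
    results = {}
    # 1. Client redirects the user to the authorization endpoint with a fresh state value.
    state = secrets.token_urlsafe(16)
    cb = auth.authorize(client.client_id, client.redirect_uri, "profile", state, "user-A")
    # 2. Client checks state on the callback so a forged callback cannot bind a foreign code.
    results["state_ok"] = hmac.compare_digest(cb["state"].encode(), state.encode())
    # 3. Client exchanges the code; 4. a replay of the same code must fail.
    args = (client.redirect_uri, client.client_id, client.client_secret)
    tok = auth.token("authorization_code", cb["code"], *args)
    results["token_ok"] = "access_token" in tok
    results["replay"] = auth.token("authorization_code", cb["code"], *args).get("error")
    # 5. Wrong client secret, then wrong redirect_uri, each against a fresh code.
    cb2 = auth.authorize(client.client_id, client.redirect_uri, "profile", state, "user-A")
    results["bad_secret"] = auth.token("authorization_code", cb2["code"], client.redirect_uri,
                                       client.client_id, "wrong-secret").get("error")
    results["bad_redirect"] = auth.token("authorization_code", cb2["code"], "https://evil.example/cb",
                                         client.client_id, client.client_secret).get("error")
    # 6. Resource server honours the real token and rejects a made-up one.
    results["resource_status"] = rs.get_profile("Bearer " + tok["access_token"])[0]
    results["forged_status"] = rs.get_profile("Bearer not-a-real-token")[0]
    return results


if __name__ == "__main__":
    for check, outcome in run_flow().items():
        print(f"{check}: {outcome}")
```

The checks that matter for security are the ones the flow exercises on the error paths: the code is bound to the client id and redirect URI it was issued for, it expires and is deleted on first use, and the token endpoint authenticates the client before it even looks at the code, so a leaked code is worthless without the client secret.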

CSRF token - Double Submit Cookies Pattern

Cross-site Request Forgery Protection in web applications via the Double Submit Cookies Pattern. What is Cross-site Request Forgery (CSRF)? CSRF is a malicious exploit of a website, also known as the one-click attack or session riding. It forces an end user to execute unwanted actions on a web application in which they are currently authenticated. The attack targets state-changing requests rather than data theft, since the attacker cannot read the response. As an example, suppose user 'A' wants to transfer $200 to bank 'B'. He sends a request to bank 'B', and the bank carries it out after authenticating user 'A'. An attacker who wants to defraud user 'A' of this money crafts a malicious web link and tricks the user into clicking it. The user believes the click performs the transfer, but in fact the attacker was transferring th...

CSRF Token-Synchronizer Token Patterns

Cross-site Request Forgery Protection in web applications via the Synchronizer Token Pattern. What is Cross-site Request Forgery (CSRF)? CSRF is a malicious exploit of a website, also known as the one-click attack or session riding. It forces an end user to execute unwanted actions on a web application in which they are currently authenticated. The attack targets state-changing requests rather than data theft, since the attacker cannot read the response. As an example, suppose user 'A' wants to transfer $200 to bank 'B'. He sends a request to bank 'B', and the bank carries it out after authenticating user 'A'. An attacker who wants to defraud user 'A' of this money crafts a malicious web link and tricks the user into clicking it. The user believes the click performs the transfer, but in fact the attacker was transferring the mon...
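
Both excerpts above describe the same bank-transfer attack and name the two defences the posts cover, the Double Submit Cookies pattern and the Synchronizer Token pattern. The following is an added example, written for this page and not code from either post, that implements both checks side by side and replays the transfer scenario against them: the legitimate form (which carries the token) is accepted, while the forged cross-site request (the browser attaches the session cookie, but the attacker's page cannot read the token) and a guessed token are rejected. The session id `sess-user-A`, the transfer fields and the `csrf_token` cookie and form-field names are constructed; the HMAC binding of the double-submit cookie to the session is an addition that goes beyond the plain pattern, so a cookie planted by the attacker together with a matching body value is also rejected.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed server-side key for the example; a deployment would load it from a secret store.
SERVER_SECRET = secrets.token_bytes(32)


@dataclass
class Request:
    """Stand-in for an incoming HTTP request: just the parts the checks need."""
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def _eq(a, b):
    """Constant-time comparison so token checks do not leak timing."""
    return hmac.compare_digest(a.encode(), b.encode())


class SynchronizerTokenProtection:
    """Stateful: the token lives in the server-side session and must be echoed back in the form."""

    def __init__(self):
        self.sessions = {}  # session_id -> {"csrf_token": ...}

    def issue(self, session_id):
        token = secrets.token_urlsafe(32)
        self.sessions.setdefault(session_id, {})["csrf_token"] = token
        return token  # rendered into the HTML form as a hidden field

    def validate(self, request):
        expected = self.sessions.get(request.cookies.get("session"), {}).get("csrf_token")
        submitted = request.form.get("csrf_token")
        return bool(expected and submitted and _eq(expected, submitted))


class DoubleSubmitCookieProtection:
    """Stateless: the token is set as a cookie and must also appear in the form body.
    The value is bound to the session with an HMAC (an addition to the plain pattern) so an
    attacker who can plant cookies, e.g. from a sibling subdomain, cannot supply a matching pair."""

    @staticmethod
    def _mac(session_id, nonce):
        return hmac.new(SERVER_SECRET, f"{session_id}!{nonce}".encode(), hashlib.sha256).hexdigest()

    def issue(self, session_id):
        nonce = secrets.token_urlsafe(16)
        return f"{nonce}.{self._mac(session_id, nonce)}"  # set as the csrf_token cookie

    def validate(self, request):
        session_id = request.cookies.get("session")
        cookie_token = request.cookies.get("csrf_token")
        body_token = request.form.get("csrf_token")
        if not (session_id and cookie_token and body_token):
            return False
        if not _eq(cookie_token, body_token):
            return False
        nonce, _, mac = cookie_token.partition(".")
        return _eq(self._mac(session_id, nonce), mac)


def demo():
    """Replay the bank-transfer scenario against both patterns; returns each check's outcome."""
    session_id = "sess-user-A"  # constructed session identifier
    sync, dsc = SynchronizerTokenProtection(), DoubleSubmitCookieProtection()
    transfer = {"to": "B", "amount": "200"}
    results = {}

    # Synchronizer token: the legitimate form carries the token the server put in the page.
    tok = sync.issue(session_id)
    results["sync_legit"] = sync.validate(Request({"session": session_id}, {**transfer, "csrf_token": tok}))
    # Forged request from the attacker's page: the browser attaches the session cookie on its
    # own, but the attacker cannot read the token out of the victim's page, so it is missing.
    results["sync_forged"] = sync.validate(Request({"session": session_id}, {**transfer, "to": "attacker"}))
    results["sync_guessed"] = sync.validate(Request({"session": session_id}, {**transfer, "csrf_token": "guess"}))

    # Double submit cookie: cookie and body must carry the same server-minted value.
    tok = dsc.issue(session_id)
    cookies = {"session": session_id, "csrf_token": tok}
    results["dsc_legit"] = dsc.validate(Request(cookies, {**transfer, "csrf_token": tok}))
    results["dsc_forged"] = dsc.validate(Request(cookies, {**transfer, "to": "attacker"}))
    # Cookie-planting attempt: attacker sets their own cookie plus a matching body value.
    planted = "attacker-nonce.0000"
    results["dsc_planted"] = dsc.validate(Request({"session": session_id, "csrf_token": planted},
                                                  {**transfer, "csrf_token": planted}))
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'accepted' if ok else 'rejected'}")
```

The synchronizer token costs server-side state per session but is the simpler of the two to reason about; the double-submit cookie avoids that state, and the HMAC binding shown here is what stops the well-known weakness of the plain pattern, where anyone able to set a cookie for the site's domain can satisfy the check.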