
Basic Auth, SAML, Keys, OAuth, JWT and Tokens

admin
03 Dec 2019

BOOK: "Hacking Exposed", https://amzn.to/2SlhpTm to learn security, attack it!
Home Page: https://tomer-ben-david.github.io
This video is what I learned last week about security.

JWT and tokens quickie. Security is an area which is complex, but many times it is complex not because of the subjects themselves; it is complex because of all the terminology that is going on. So security is one of these concepts where you have so much terminology, and you want to connect it to real life. It feels like you need some kind of a dictionary in order to understand security, and it's changing, there are new terms coming. So I think you already know what security is, you all lived in no security, you just need to connect the terms to the actual security concepts, and this is what we are going to do.

OK, so we have these concepts, we have these main terms. I mean, 80%, the Pareto principle of security, or 80% of what you are going to tackle while we do programming, is one of those. You're going to work with basic auth, with SAML, with keys, with OAuth, with JWT, with tokens. It's all-encompassing: it encompasses authentication, authorization, encryption, private and public keys, asymmetric keys and symmetric keys. But these are the main concepts that you should be familiar with.

So, to scan this very quickly: basic auth is the most basic thing, we'll talk about it. SAML is when large corporates talk about security. Keys and tokens are like usernames and passwords: they are some kind of something that proves that you can do something. For example, I get an access token from a service, which proves who I am, that I got this access token, and I get a secret, a token. And we have OAuth for authorization, and we have JWTs, and we'll talk about it.

OK, so let's start with basic authentication. This is as basic as it can get, basic authentication, because you simply pass in HTTP headers, you pass the username and the password in clear text, you only base64 it. So what you do is base64 on username and password, which provides you with the basic authentication token. When we say token, we mean, OK, something like this, this is a token. When we do base64 on a username and password, we put it in the header and then we transfer to the server the token that we got. And the server sees that we know what the user and the password are, so it allows us to access it. Of course, because basic authentication does not say anything about encryption, this means that we want to use HTTPS or some other kind of encryption, but basic authentication itself does not say anything about encryption, it's a clear.
