Posts

Showing posts from October, 2018

OAuth Server

What is OAuth 2.0? OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook, GitHub, and Google. It works by delegating user authentication to the service that hosts the user account and authorizing third-party applications to access the user account. OAuth 2 provides authorization flows for web and desktop applications, and for mobile devices. OAuth Roles: OAuth defines four roles: Resource Owner, Client, Resource Server, and Authorization Server. How it works: Here I have created both the authorization server and the resource server in a single API in Node.js, with Angular for the demo application. First, create a demo application in the OAuth application settings on GitHub. To get the access code, use a GET request on the login page. After a successful login, the page will redirect to http://localhost:4200/posts (the callback URL) and it will show the access token ...

Synchronizer Token Pattern

Cross-Site Request Forgery (CSRF) Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. With a little help from social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state-changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application. Cross-Site Request Forgery (CSRF) protection via the Synchronizer Token Pattern: This protection technique is called the Synchronizer Token Pattern. This solution ensures th...

Double Submit Cookies Pattern

Cross-Site Request Forgery (CSRF) Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. With a little help from social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state-changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application. Cross-Site Request Forgery (CSRF) protection via the Double Submit Cookies Pattern: In this technique, we send a random value both in a cookie and as a request param...