Posts

OAuth 2.0

OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites without giving them the passwords. This mechanism is used by companies such as Amazon, Google, Facebook, Microsoft and Twitter to permit users to share information about their accounts with third-party applications or websites. OAuth 2.0 has four major roles. Client -- Also called "the app". It can be an app running on a mobile device or a traditional web app. The app makes requests to the resource server for protected assets on behalf of the resource owner. The resource owner must give the app permission to access the protected resources. Resource owner -- Also called an "end user". This is generally the person (or other entity) who is capable of granting access to a protected resource. For example, if an app needs to use data from one of your social media sites, then you are the re...

Cross Site Request Forgery

WHAT IS CSRF? Cross-site request forgery (CSRF), also known as XSRF, Sea Surf or Session Riding, is an attack vector that tricks a web browser into executing an unwanted action in an application to which a user is logged in. For a better understanding, let's look at this example. A user logs in to his bank account. The bank gives him a session token. A hacker sends a malicious link that looks like it points to some trusted location, but it really connects to the bank. When the user clicks on the fake link, it uses the previously set session token. The hacker's request will be executed and the user's account hacked; for example, money from the user's account will be transferred to the hacker's account. How did this happen? The hacker's request to the bank was forged, as it used the same session token as the user, which did not require the user to log in again. Let's see how to prevent CSRF attacks... The most popular implementation to prevent Cross-site Request Forgery (CSRF), i...

What is MongoDB?

MongoDB is a free and open-source cross-platform document-oriented database program. Classified as a NoSQL database program, MongoDB uses JSON-like documents with schemas. MongoDB is developed by MongoDB Inc. and is free and open-source, published under a combination of the GNU Affero General Public License and the Apache License. A record in MongoDB is a document, which is a data structure composed of field and value pairs. MongoDB documents are similar to JSON objects. The values of fields may include other documents, arrays, and arrays of documents. Why MongoDB? High performance: MongoDB provides high-performance data persistence. In particular, support for embedded data models reduces I/O activity on the database system. Rich query language: MongoDB supports a rich query language to support read and write operations including Create, Retrieve, Update, Delete...

Impact on other quality attributes when improving security of iOS

The iOS operating system has paid more attention to security. Improving the security quality attribute has affected other quality attributes, both positively and negatively. So let's see some of the security improvements made in iOS and how they affected other quality attributes. 1. 6-digit pass-code: After the release of iOS 9, Apple changed the default pass-code from 4 digits to 6 digits. The main aim was to make it harder for hackers to crack the system. ➢ But with this newly introduced feature, usability has decreased. Users have faced trouble with this newly introduced security feature. Ex-: ➢ This 6-digit pass-code was introduced with after the iOS version...