Posts

Showing posts from October, 2018

OAuth 2.0

OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites, but without giving them the passwords. This mechanism is used by companies such as Amazon, Google, Facebook, Microsoft and Twitter to let users share information about their accounts with third-party applications or websites.

OAuth 2.0 has four major roles:

Client -- Also called "the app". It can be an app running on a mobile device or a traditional web app. The app makes requests to the resource server for protected assets on behalf of the resource owner. The resource owner must give the app permission to access the protected resources.

Resource owner -- Also called an "end user". This is generally the person (or other entity) who is capable of granting access to a protected resource. For example, if an app needs to use data from one of your social media sites, then you are the re...
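To show how the roles above fit together, here is an added example (not code from the original post) that models the four OAuth 2.0 roles of RFC 6749 (client, resource owner, authorization server, resource server) running one authorization code grant in memory. The client id "photo-app", the redirect URI, the user "alice", the scope "profile:read" and the profile data are all made up for the example; redirects are plain function calls and there is no network.

```python
"""
Constructed model of the four OAuth 2.0 roles (RFC 6749) running the
authorization code grant. Redirects are function calls, tokens are random
strings and the resource owner's "consent" is a boolean. The names
photo-app, alice and profile:read are hypothetical.
"""
import secrets
import time
from urllib.parse import parse_qsl, urlparse


class AuthorizationServer:
    """Authenticates the resource owner, records consent, issues tokens."""

    def __init__(self):
        self.clients = {}   # client_id -> {"secret", "redirect_uri"}
        self.codes = {}     # authorization code -> grant details
        self.tokens = {}    # access token -> {"user", "scope", "expires"}

    def register_client(self, client_id, secret, redirect_uri):
        self.clients[client_id] = {"secret": secret, "redirect_uri": redirect_uri}

    def authorize(self, client_id, redirect_uri, scope, user, consent):
        """Front channel: the owner, logged in here as `user`, approves or denies.
        Returns the URL the owner's browser is redirected back to."""
        client = self.clients.get(client_id)
        # Only redirect to the exact URI registered for this client.
        if client is None or client["redirect_uri"] != redirect_uri:
            return None
        if not consent:
            return f"{redirect_uri}?error=access_denied"
        code = secrets.token_urlsafe(16)
        self.codes[code] = {"client_id": client_id, "user": user,
                            "scope": scope, "expires": time.time() + 60}
        return f"{redirect_uri}?code={code}"

    def token(self, client_id, client_secret, code, redirect_uri):
        """Back channel: the client authenticates and swaps the code for a token."""
        client = self.clients.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            return None
        grant = self.codes.pop(code, None)          # a code is single use
        if (grant is None or grant["client_id"] != client_id
                or client["redirect_uri"] != redirect_uri
                or grant["expires"] < time.time()):
            return None
        token = secrets.token_urlsafe(24)
        self.tokens[token] = {"user": grant["user"], "scope": grant["scope"],
                              "expires": time.time() + 3600}
        return token

    def introspect(self, token):
        info = self.tokens.get(token)
        return None if info is None or info["expires"] < time.time() else info


class ResourceServer:
    """Holds the protected data; answers only to a valid token with the needed scope."""

    def __init__(self, auth):
        self.auth = auth
        self.profiles = {"alice": {"name": "Alice", "email": "alice@example.test"}}

    def get_profile(self, token):
        info = self.auth.introspect(token)
        if info is None or "profile:read" not in info["scope"].split():
            return 401, None
        return 200, self.profiles[info["user"]]


CLIENT_ID, REDIRECT = "photo-app", "https://photo.example/cb"


def setup():
    """One authorization server, one resource server, one registered client."""
    auth = AuthorizationServer()
    secret = secrets.token_hex(16)
    auth.register_client(CLIENT_ID, secret, REDIRECT)
    return auth, ResourceServer(auth), secret


def run_flow(consent=True):
    """The client app obtains alice's profile without ever seeing her password.
    Returns (status, profile, result_of_replaying_the_code)."""
    auth, rs, secret = setup()
    # 1. Front channel: the client sends the owner's browser to the AS; she decides.
    location = auth.authorize(CLIENT_ID, REDIRECT, "profile:read", "alice", consent)
    params = dict(parse_qsl(urlparse(location).query))
    if "code" not in params:
        return 403, None, None   # owner denied: the client gets nothing
    # 2. Back channel: the client exchanges the code for an access token.
    token = auth.token(CLIENT_ID, secret, params["code"], REDIRECT)
    # 3. The client presents the token to the resource server.
    status, profile = rs.get_profile(token)
    # Replaying the same code must fail: it was consumed in step 2.
    replay = auth.token(CLIENT_ID, secret, params["code"], REDIRECT)
    return status, profile, replay


if __name__ == "__main__":
    print(run_flow(consent=True))
    print(run_flow(consent=False))
```

The password never leaves the authorization server: the client only ever holds the short-lived code and the access token, which is why the resource owner can revoke or deny access without changing the password.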

Cross Site Request Forgery

WHAT IS CSRF

Cross-site request forgery (CSRF), also known as XSRF, Sea Surf or Session Riding, is an attack vector that tricks a web browser into executing an unwanted action in an application to which a user is logged in. To understand it better, let's look at this example: a user logs in to his bank account and the bank gives him a session token. The hacker sends a malicious link that looks like it points to some trusted location, but really it connects to the bank. When the user clicks the fake link, the browser sends the request with the previously set session token, so the hacker's request is executed and the user's account is compromised; for example, money from the user's account is transferred to the hacker's account. How did this happen? The hacker's request to the bank was forged using the same session token as the user, which did not require the user to log in again. Let's see how to prevent CSRF attacks... The most popular implementation to prevent Cross-site Request Forgery (CSRF), i...
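The bank scenario above, as an added example that is not part of the original post: a pure-Python model of the bank, the browser and the attacker's page, with the original cookie-only transfer handler beside a hardened one that also requires a per-session anti-CSRF token (the synchronizer token pattern). The users alice, bob and mallory, the balances and the request shape are constructed for the example; there is no real HTTP stack.

```python
"""
Constructed model of the bank CSRF scenario. A session cookie identifies the
logged-in user, the attacker's page auto-submits a transfer form that the
browser sends with that cookie, and a per-session token rejects the forged
request. A "request" is a dict; the users and balances are made up.
"""
import hmac
import secrets


class Bank:
    """Minimal bank application: sessions, balances and a transfer endpoint."""

    def __init__(self):
        self.sessions = {}   # session_id -> {"user": ..., "csrf": ...}
        self.balances = {"alice": 1000, "mallory": 0}

    def login(self, user):
        """Issue a session cookie, plus a CSRF token bound to that session."""
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
        return sid

    def csrf_token(self, sid):
        """What the bank embeds in its own transfer form as a hidden field."""
        return self.sessions[sid]["csrf"]

    def transfer_vulnerable(self, request):
        """The CSRF-prone handler from the story: it trusts the cookie alone."""
        session = self.sessions.get(request["cookies"].get("session"))
        if session is None:
            return 401, "not logged in"
        return self._do_transfer(session["user"], request["form"])

    def transfer_protected(self, request):
        """Hardened handler: the form must also carry this session's token."""
        session = self.sessions.get(request["cookies"].get("session"))
        if session is None:
            return 401, "not logged in"
        submitted = request["form"].get("csrf_token", "")
        # Constant-time compare so the check itself leaks nothing via timing.
        if not hmac.compare_digest(submitted, session["csrf"]):
            return 403, "csrf token missing or invalid"
        return self._do_transfer(session["user"], request["form"])

    def _do_transfer(self, src, form):
        dst, amount = form["to"], int(form["amount"])
        if self.balances.get(src, 0) < amount:
            return 400, "insufficient funds"
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount
        return 200, "ok"


def browser_submit(bank_cookie, form):
    """Model of the browser: any form posted to the bank's origin, whether from
    the bank's own page or from the attacker's, carries the bank cookie."""
    return {"cookies": {"session": bank_cookie}, "form": dict(form)}


def attacker_form():
    """The attacker's page: a hidden auto-submitting form. It can set any
    fields it likes but cannot read the victim's token (different origin)."""
    return {"to": "mallory", "amount": "500"}


def run_scenario(protected):
    """Victim logs in, then visits the attacker's page. Returns (status, balances)."""
    bank = Bank()
    sid = bank.login("alice")
    handler = bank.transfer_protected if protected else bank.transfer_vulnerable
    status, _ = handler(browser_submit(sid, attacker_form()))
    return status, dict(bank.balances)


def legitimate_transfer():
    """Sanity check: the bank's own form, carrying the token, still works."""
    bank = Bank()
    sid = bank.login("alice")
    form = {"to": "bob", "amount": "100", "csrf_token": bank.csrf_token(sid)}
    status, _ = bank.transfer_protected(browser_submit(sid, form))
    return status, dict(bank.balances)


if __name__ == "__main__":
    print("vulnerable:", run_scenario(protected=False))
    print("protected: ", run_scenario(protected=True))
    print("legitimate:", legitimate_transfer())
```

The token works because the browser attaches the cookie automatically but the attacker's page, being on another origin, cannot read the bank's page to learn the token; the forged form therefore arrives without it and is refused, while the bank's own form still goes through.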