What factors on security do you consider while coding?
We mainly follow the OWASP guidelines when exposing an application to the internet. Some of the main points are below.
- Threat modelling: Prepare a threat model so there is a clear picture of where communication with the system comes from.
- User input validation: Ensure that business data is validated in the backend, even though you are also validating in the frontend.
- SQL injection: Never build SQL queries directly by string concatenation of user input (wildcards included). Use a PreparedStatement, Hibernate or Spring JPA for database access.
- XSS (Cross-Site Scripting): Check input against a whitelist of allowed characters.
- Update dependencies: Always update dependent jars to the latest version as per security guidelines.
What is OAuth?
OAuth is a framework for delegating authorization. OAuth never sees your credentials; it only grants access. For example, you can log in to a website with your Facebook account without sharing your Facebook credentials with that website.
How does OAuth work?
The exchange between the third-party web app and the social media provider is called a flow or grant type. The website then asks for permissions, which are called scopes. Finally, access is granted in the form of tokens.
What is the difference between Authentication and Authorization?
These are commonly known as authN vs authZ.
AuthN answers "who are you?", whereas AuthZ answers "what can you do?"
What is the difference between OAuth2.0 and OpenID Connect?
- OAuth is designed for authorization, whereas OpenID is designed for establishing the identity of the user.
- OAuth is extensible, whereas with OpenID we get both structure and extensibility.
- OAuth is for devices/services, hence we can use it for microservices; OpenID is only for users.
OIDC (OpenID Connect) is a special form of OAuth: an identity layer built on top of OAuth 2.0.