Posts

Showing posts from 2018

Google OAuth 2: access data from a Google user in your application

Google API authentication with OAuth 2: access data from a Google user in your application, using Gmail as the example. The post shows how to authenticate and authorize access to the Gmail API from an application. Web applications are now used for almost every task, but it is difficult to remember separate credentials for each and every application. There are also cases where an application needs to communicate with other applications on behalf of the user. These are the basic problems OAuth tries to address. As the solution, modern websites are built on the OAuth protocol around the concepts of “Identity Federation” (allowing users to log in to an application with another account) and “Delegated Authorization” (allowing one service to access resources on another service on behalf of the user without sharing the user’s credentials). How does OAuth work? To understand how OAuth works, we need to understand...

Cross-site Request Forgery (CSRF) protection via the Synchronizer Token Pattern and the Double Submit Cookie Pattern

What is Cross-site Request Forgery (CSRF)? Cross-Site Request Forgery (CSRF) is a type of attack listed in the OWASP Top 10 that occurs when a malicious website, email, blog, instant message, or program causes a user’s web browser to perform an unwanted action on a trusted site for which the user is currently authenticated (logged in). The impact of a successful CSRF attack is limited to the capabilities exposed by the vulnerable application. For example, the attack could result in a transfer of funds, a changed password, or the purchase of an item in the user's context. In effect, an attacker uses CSRF to make a target system perform a function via the target's browser without the knowledge of the target user, at least until the unauthorized transaction has been committed. At the most basic level, CSRF is possible because browsers cannot distinguish whether an action was performed purposely by a user (say by clicking a button o...