Posts

Showing posts from May, 2018

OAUTH AUTHORIZATION SERVER

OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook, GitHub, and DigitalOcean. It works by delegating user authentication to the service that hosts the user account, and authorizing third-party applications to access the user account. OAuth 2 provides authorization flows for web and desktop applications, and mobile devices. In this tutorial we will build an application that can log in with a Facebook account and then retrieve the protected data held by Facebook. So let's get started! The following diagram shows all the steps involved in this flow. The steps are: The application requests authorization to access service resources from the user. If the user authorizes the request, the application receives an authorization grant. The application requests an access token from the authorization server (API) by presenting authentication of its own identity,

Implementing Cross-site Request Forgery protection in web applications via Double Submit Cookies Patterns

Double Submit Cookie If storing the CSRF token in the session is problematic, an alternative defence is the use of a double submit cookie. A double submit cookie is defined as sending a random value both in a cookie and as a request parameter, with the server verifying that the cookie value and the request value match. When a user authenticates to a site, the site should generate a (cryptographically strong) pseudorandom value and set it as a cookie on the user's machine, separate from the session id. The site does not have to save this value in any way, thereby avoiding server-side state. The site then requires that every transaction request include this random value as a hidden form value (or other request parameter). A cross-origin attacker cannot read any data sent from the server or modify cookie values, per the same-origin policy. This means that while an attacker
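The pattern above in Python, as an added example that is not code from the original post: the server mints a random token, sets it as a cookie, embeds the same value in a hidden form field, and accepts a state-changing request only when the two copies match. The cookie and field names are assumed.

```python
import hmac
import html
import secrets

# Assumed names for the cookie and the hidden form field (not from the post).
COOKIE_NAME = "csrf_token"
FIELD_NAME = "csrf_token"


def issue_csrf_token() -> str:
    """Mint a cryptographically strong pseudorandom token.

    The server stores nothing: the token lives only in the cookie and in the
    form, and is later compared against itself, so there is no server-side state.
    """
    return secrets.token_urlsafe(32)


def render_hidden_field(token: str) -> str:
    """Hidden input the server embeds in every form that changes state."""
    return f'<input type="hidden" name="{FIELD_NAME}" value="{html.escape(token)}">'


def verify_double_submit(cookies: dict, form: dict) -> bool:
    """Accept only when both copies are present, non-empty and identical.

    hmac.compare_digest gives a constant-time comparison so the check does
    not leak information about the token through response timing.
    """
    cookie_value = cookies.get(COOKIE_NAME, "")
    form_value = form.get(FIELD_NAME, "")
    if not cookie_value or not form_value:
        return False
    return hmac.compare_digest(cookie_value, form_value)


def demo() -> dict:
    """Constructed requests: a same-origin form submission versus forged ones."""
    token = issue_csrf_token()
    cookies = {COOKIE_NAME: token}          # set on login, sent with every request
    return {
        # Legitimate page: the form carries the value read from the cookie.
        "legitimate": verify_double_submit(cookies, {FIELD_NAME: token}),
        # Cross-origin page cannot read the cookie, so the field is missing...
        "forged_missing": verify_double_submit(cookies, {}),
        # ...or carries a guess that does not match the cookie.
        "forged_guess": verify_double_submit(cookies, {FIELD_NAME: "guess"}),
    }
```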

Implementing Cross-site Request Forgery protection in web applications via Synchronizer Token Patterns is tested.

Cross Site Request Forgery (CSRF) Cross-site request forgery, or CSRF, is an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated. This is also called a one-click attack or session riding attack. If the victim is a normal user, the attacker can gain limited access to the system. But if the victim is an administrator, CSRF can compromise the entire web application. There are two ways to defend against CSRF attacks: Synchronizer Token and Double Submit Cookies. How to mitigate CSRF Do not open any emails, browse to other sites or carry out any other social network communication while authenticated to your banking site or any site that performs financial transactions. This will prevent any malicious scripts from being executed while you are authenticated to a financial site. Whenever you complete a banking or financial transaction on a site