Application Security

CSRF Attack and CSRF Tokens

Welcome to Secumantra! In this post we will understand the Cross-Site Request Forgery attack, commonly known as a CSRF or XSRF attack. It is one of the common attacks observed against web applications and has been in the OWASP Top Ten for many years. Introduction and OWASP Overview: In a CSRF attack, an end user’s browser is…

Application Security

The OAuth 2.0 Flows – Part II

In the previous post, we learnt about the main actors and terminology used in OAuth 2.0. We started discussing grant types (OAuth flows) and talked about the most used grant type, i.e. the authorization code grant. In this post we will discuss the remaining three types of grants. Let’s start – 2. Implicit grant: The implicit grant type…

Application Security

The OAuth 2.0 Flows – Part I

The OAuth 2.0 framework is a delegation protocol specifically designed for authorization workflows. In this post, we will try to understand the different flows (OAuth grant types) that clients use to obtain an authorization grant. OAuth 2.0 Roles and Terminology: Let us revisit a few important OAuth terms and the entities involved in the workflows. OAuth defines four major…

Application Security

How to Get Free SSL for Your Website

Welcome to Secumantra! In this post, we will learn how to enable an SSL certificate for free on your WordPress website using Cloudflare. Data transmitted over an unencrypted channel (plain HTTP) is insecure and can be intercepted. All data must be encrypted while in transit, and it is the site owner’s responsibility to protect the security, privacy…

Cyber Security | Data Security

Top 5 Myths about HTTPS and SSL

We talked about HTTPS and why it is needed in the previous post. Website owners are responsible for securing the communication channel to their clients. Though HTTPS and SSL certificates offer data protection and integrity, many sites are still reluctant to adopt them. There are many misconceptions about cost, performance, etc. which…

Application Security

JWT – Everything you need to know!

Welcome to Secumantra! In this post, we are going to understand what exactly a JWT is and why JWTs are so popular in web applications these days. So let’s get started – Introduction and Purpose: JWT stands for JSON Web Token and is mainly used in OAuth workflows. These tokens are a kind of protected data structure and…

Application Security

Encoding vs Encryption

Welcome to Secumantra! In this post, we will try to understand the difference between encryption and encoding, which many developers misunderstand. Both encoding and encryption transform data so that it can be easily consumed by another party. Although both transform data, the purpose and approach of encoding and encryption are…