Application Security

The OAuth 2.0 Flows – Part I

The OAuth 2.0 framework is a delegation protocol specifically designed for authorization workflows. In this post, we will try to understand different flows (OAuth grant types) for clients to obtain the authorization grant. OAuth 2.0 Roles and Terminologies Let us revisit few important OAuth terminologies and entities involved in the workflows. OAuth defines four major…

Application Security

How to Get Free SSL for Your Website

Welcome to Secumantra! In this post, we will learn how to enable SSL certificate for free on your WordPress website using Cloudflare. Data transmitted over an unencrypted channel (plain http) is insecure and can be intercepted. All the data must be encrypted while in transition and it is site owner’s responsibility to protect the security, privacy…

Cyber Security | Data Security

Top 5 Myths about HTTPS and SSL

We have talked about the HTTPS and why it is needed in previous post. Website owners are responsible to secure the communication channel while connecting to their clients. Though HTTPS and SSL certificates offer data protection and integrity, many sites are still reluctant to adopt it. There are many misconceptions about cost, performance etc. which…

Application Security

JWT – Everything you need to know!

Welcome to Secumantra! In this post, we are going to understand what exactly is JWT and why JWTs are so popular in web applications these days. So let’s get started – Introduction and Purpose JWT stands for JSON Web Token and mainly used in OAuth workflows. These tokens are kind of protected data structures and…

Application Security

Encoding vs Encryption

Welcome to Secumantra! In this post,¬†we will try to understand the difference between encryption and encoding, which is sometimes misunderstood by many developers. Both encoding and encryption transform the data so that it can be easily consumed by another party. Although both are doing data transformation, purpose and the approach of encoding and encryption is…