WEB AUTHENTICATION & AUTHORIZATION

INTRODUCTION

- The nature of today's web threats is changing: current attacks are much more covert than they were in the past.

- Despite the growing array of threats, many organizations are not taking appropriate steps to safeguard their corporate networks, applications or data.

- As the number of online services grows day by day, their usage is growing at the same rate.

- Users of online services have to register separately with each application, and the overhead of remembering many ID/password pairs has led to the problem of memorability.

- Authentication is a direct need of every organization, and it is becoming paramount not only because it copes with security threats but because it involves defining the policies, procedures and mechanisms that provide administrative, physical and logical security.

- Whenever an individual requests access to a pool of resources, to use or update them as desired, verifying the identity of that individual is referred to as authentication.

- In a networked environment, users are granted access to the network only after they securely provide their access information (e.g. user name and password) so that their identity can be checked and validated.

- If a person can prove who he is, and also knows something that only he could know, it is reasonable to conclude that the person is who he claims to be.
AUTHENTICATION TECHNOLOGIES

- The computer industry has created an array of identification and authentication technologies:
  - User ID/passwords
  - One Time Password
  - Kerberos
  - Secure Sockets Layer
  - Lightweight Directory Access Protocol
  - Security Assertion Markup Language (SAML)
  - OpenID

* The technologies are detailed in blog articles!
AUTHENTICATION ATTACKS

BRUTE FORCE ATTACK

- An automated process of trial and error used to guess a person's user name, password, credit card number or cryptographic key.
- Examples:
  - Usernames: John, Admin
  - Passwords: 12345, password, letmein, admin, (pet names)

INSUFFICIENT AUTHENTICATION

- This type of attack occurs when a website permits an attacker to access sensitive content or functionality without having to properly authenticate. Web-based administration tools are a good example of a website providing access to sensitive functionality.
WEAK PASSWORD RECOVERY VALIDATION

- A website is considered to have Weak Password Recovery Validation when an attacker is able to foil the recovery mechanism being used.

- Password recovery systems may be compromised through brute force attacks, inherent system weaknesses or easily guessed secret questions.

- Weak methods of password recovery:
  - Password hints: a password hint aids brute force attacks, because an attacker can glean information about the user's password from the hint provided.
  - Secret question and answer: a secret question like "Where were you born?" lets an attacker limit a brute force attack on the secret answer to city names.
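As an added example (not part of the original deck), the defender's side of the brute force and password-recovery passages above: a small Python analyser over constructed authentication log lines that flags a source reaching a failure threshold on the login form or the recovery form inside a sliding window, and separately reports accounts where a success followed such a burst. The log layout, field names and thresholds are assumptions of this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from the original deck). One line per attempt
# against the login form (/login) or the password-recovery form (/recover).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z endpoint=/login user=john ip=203.0.113.7 result=fail
2024-05-01T10:00:02Z endpoint=/login user=john ip=203.0.113.7 result=fail
2024-05-01T10:00:03Z endpoint=/login user=john ip=203.0.113.7 result=fail
2024-05-01T10:00:04Z endpoint=/login user=john ip=203.0.113.7 result=fail
2024-05-01T10:00:05Z endpoint=/login user=john ip=203.0.113.7 result=fail
2024-05-01T10:00:06Z endpoint=/login user=john ip=203.0.113.7 result=success
2024-05-01T10:05:00Z endpoint=/login user=alice ip=198.51.100.2 result=fail
2024-05-01T10:20:00Z endpoint=/login user=alice ip=198.51.100.2 result=success
2024-05-01T11:00:00Z endpoint=/recover user=admin ip=192.0.2.9 result=fail
2024-05-01T11:00:10Z endpoint=/recover user=admin ip=192.0.2.9 result=fail
2024-05-01T11:00:20Z endpoint=/recover user=admin ip=192.0.2.9 result=fail
2024-05-01T11:00:30Z endpoint=/recover user=admin ip=192.0.2.9 result=fail
"""

# Assumed line layout: ISO timestamp followed by key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) endpoint=(?P<endpoint>\S+) user=(?P<user>\S+) "
    r"ip=(?P<ip>\S+) result=(?P<result>\S+)$"
)

# Per-endpoint failure thresholds (assumed values). The recovery form gets a
# tighter limit because the secret being guessed there (a hint, a city name)
# comes from a much smaller space than a password.
THRESHOLDS = {"/login": 5, "/recover": 3}


def parse_line(line):
    """Return a dict for one log line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def analyse(log_text, thresholds=THRESHOLDS, window=timedelta(minutes=5)):
    """Sliding-window failure counter per (endpoint, user, ip).

    Returns (flagged, suspicious_success):
      flagged            keys that reached their endpoint's failure threshold
                         inside `window`
      suspicious_success flagged keys that later logged a success, i.e. a
                         guessing burst that may have worked and should be
                         reviewed as a possible account takeover
    """
    recent = defaultdict(deque)
    flagged, suspicious_success = set(), set()
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        key = (ev["endpoint"], ev["user"], ev["ip"])
        if ev["result"] == "success":
            if key in flagged:
                suspicious_success.add(key)
            continue
        q = recent[key]
        q.append(ev["ts"])
        # Drop failures that have fallen out of the window.
        while ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= thresholds.get(ev["endpoint"], 5):
            flagged.add(key)
    return sorted(flagged), sorted(suspicious_success)


if __name__ == "__main__":
    flagged, takeover = analyse(SAMPLE_LOG)
    for key in flagged:
        print("brute-force candidate:", key)
    for key in takeover:
        print("success after a failure burst, review:", key)
```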
AUTHENTICATION TECHNIQUES AND INFRASTRUCTURES

PLUGGABLE AUTHENTICATION MODULES (PAM)

- Instead of handling authentication on their own, applications can use the PAM API and libraries to take care of the details.
- Consistency is achieved when many applications perform the same authentication by referencing the same PAM module.
- Additionally, applications needn't be recompiled to change their authentication behavior: just edit a PAM configuration file (transparent to the application) and you're done.
SECURE SOCKETS LAYER (SSL)

- It provides cryptographically assured privacy (encryption), integrity, optional client authentication, and mandatory server authentication.
- Linux includes a popular implementation of SSL, called OpenSSL.
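As an added example, not from the original deck, here is what "mandatory server authentication" and "optional client authentication" look like in configuration, using Python's ssl module (which wraps OpenSSL): a weakened client context beside a hardened one, a server context that requests but does not require a client certificate, and a small audit that reports which guarantees a client context has given up. The function names and finding strings are this example's own.

```python
import ssl


def weak_client_context():
    """A client context with server authentication switched off, the usual
    'fix' for certificate errors. Traffic is still encrypted, but anyone
    holding any certificate can impersonate the server."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context():
    """Server authentication is mandatory: the peer certificate must chain
    to a trusted CA and its name must match the host being connected to."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def server_context_optional_client_auth(certfile=None, keyfile=None):
    """Server side: a client certificate is requested but not required, so
    clients without one still connect and must authenticate another way."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_OPTIONAL
    if certfile:                        # hypothetical paths supplied by caller
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def audit_client_context(ctx):
    """Return the list of guarantees a client context does not enforce."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("server certificate not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 allowed")
    return findings


if __name__ == "__main__":
    print("weak:    ", audit_client_context(weak_client_context()))
    print("hardened:", audit_client_context(hardened_client_context()))
```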
WEB AUTHENTICATION STANDARDS

SINGLE SIGN-ON

- Single sign-on allows a user to enter a username and password only once and then access multiple applications and environments within a session.
- Single sign-on uses centralized authentication servers, which all applications and systems use for authentication.

OAUTH

- Open Authentication (OAuth) aims at creating an environment where information is shared securely across networks.
- Each thread, which includes devices, applications and users, is constantly authenticated, and this authentication is all-pervasive.
- OAuth is a service that is complementary to, but distinct from, OpenID.

OPENID

- OpenID is a standard that simplifies signing in.
- With OpenID you use only one username and one password to log in to all websites where you have an account.
- It offers a secure way of identifying yourself on the Internet.
- Used by: Google, Flickr, Yahoo, MySpace, WordPress
