
Ultimate web authentication handbook : strengthen web security by leveraging cryptography and authentication protocols such as OAuth, SAML and FIDO / Sambit Kumar Dash.

EBSCOhost Academic eBook Collection (North America) Available online


EBSCOhost eBook Community College Collection Available online


Ebook Central Academic Complete Available online

Format:
Book
Author/Creator:
Dash, Sambit Kumar, author.
Language:
English
Subjects (All):
Computer networks--Security measures.
Computer networks.
Computer security.
Cryptography.
Physical Description:
1 online resource (210 pages)
Edition:
First edition.
Place of Publication:
Delhi, India : Orange Education Pvt Ltd, [2023]
Summary:
In today's digital landscape, web apps evolve rapidly, demanding enhanced security. This Ultimate Web Authentication Handbook offers a comprehensive journey into this realm. Beginning with web authentication basics, it builds a strong foundation. You'll explore cryptography fundamentals, essential for secure authentication. The book delves into the connection between authentication and network security, mastering federated authentication via OAuth and OIDC protocols. You'll also harness multi factor authentication's power and stay updated on advanced trends. The book expands on deepening your understanding of Java Web Token (JWT), FIDO 2, WebAuthn, and biometric authentication to fortify web apps against multifaceted threats. Moreover, you'll learn to use Identity and Access Management (IAM) solutions for constructing highly secure systems. Whether you're a developer, security enthusiast, or simply curious about web security, this book unlocks the secrets of secure online interactions.
Contents:
Intro
Cover Page
Title Page
Copyright Page
Dedication Page
Foreword
About the Author
About the Reviewer
Acknowledgement
Preface
Errata
Table of Contents
1. Introduction to Web Authentication
Introduction
Structure
Tools and Resources
MDN Web Docs
Google Chrome
CURL
OpenSSL
Go Language
Flutter Framework
HTTP Protocol Basics
Headers
Cookies
Session Management
Minimal Web Server
Counter Cookie
Session Cookie
Protecting the Cookies
Web Architecture
Web Application Architecture
Introduction to Authentication
Credentials and access tokens
Authentication over HTTP
Limitations
Form-based authentication
Conclusion
Questions
2. Fundamentals of Cryptography
Security by Obscurity
Message Consistency
Protection
Symmetric Cryptography
Encryption
Signing
Password Safety
Asymmetric Cryptography
Digital Signing
Digital Certificates
Certificate Profile
Issuance
Examples
Self-Signed Certificate for CA
Generating RSA Keypair and CSR
Signing the CSR with CA
Viewing the Certificate
PKCS#12 Container
Encryption Using Certificates
Signing Using Certificates
Digital Signing for Authentication
Reference Books
3. Authentication with Network Security
Network Protocols
Transport Layer Security
Server Authentication
Client Authentication
Web Browser Support
Client Certificates
Non-TLS certificate-based authentication
4. Federated Authentication-I
Federated authentication
Service provider initiated
IDP initiated
Single sign-on
Authentication ticket or token
Claims-based authentication
SAML token
Metadata
Profiles
Binding
Configuring the identity provider
Configuring the HR app service provider
Session management
Protecting the APIs
IDP-initiated authentication
Protected resources
Identity and access management
5. Federated Authentication - II (OAuth and OIDC)
Authentication vs authorization
OAuth protocol
3-legged OAuth protocol
Web application displaying GitHub user data
Limited capability device
Command line utility for GitHub
Native applications
Authorization server
Integration and Resource Server
Native client using Flutter
Token issuance
Token expiry
Scopes
OpenID Connect (OIDC)
Using OAuth for Authentication
Identity Token
JSON Web Token
Login with Google
Configuring the Google Cloud Platform
User Experience
Token Security
Token Expiry
Service Endpoints
Web front end
6. Multifactor Authentication
Factors of authentication
OTP-based authentication
HOTP Sample
Synchronization of the counter
Unattended HOTP devices
Time-based OTP
Synchronization of time
Exchanging shared secret
Other OTP-like authenticators
Fast Identity Online (FIDO)
Registration
Authentication
Sample code and user interface
Selection of FIDO 2 Devices
Front end for registration
REST APIs for registration
Device Attestation
Device Security
Bringing it all together
Authorization policy
Server-rendered authentication forms
User consent
Post Registration
7. Advanced Trends in Authentication
Digital identity
Proliferation of identities
Foundational identity
Digital identity
Indian National Foundational Identity (Aadhaar)
Validation
Ecosystem
Beyond India (MOSIP)
Know your customer
Beyond identity
e-Signing
Identity Wallets
Biometric authentication
Fingerprint
Face biometry
Other biometric technologies
Local vs. server authentication
Liveness and antispoofing mechanisms
Post-quantum cryptography
Current status
Zero trust architecture
Standardization
Appendix A: The Go Programming Language Reference
Installation
The Go Play Ground
Hello World
Simple function
Closure
HTTP server
Built-in data types
Variables
Pointers
Global vs. local
Control flow
Error handling
User-defined data types
Interface
Exporting methods and variables
Resolving package dependencies
Appendix B: The Flutter Application Framework
DartPad
Fibonacci function
Futures
HTTP Requests
User interface
Stateless vs stateful widgets
Providers and change notifications
Appendix C: TLS Certificate Creation
Root certificate
Intermediate CA
TLS server certificate
Generating the PKCS-12 file
Client hierarchy
Index.
Notes:
Description based on publisher supplied metadata and other sources.
Description based on print version record.
Includes bibliographical references and index.
Other Format:
Print version: Dash, Sambit Kumar Ultimate Web Authentication Handbook: Strengthen Web Security by Leveraging Cryptography and Authentication Protocols Such As OAuth, SAML and FIDO
ISBN:
9788119416462
8119416465
OCLC:
1406409953
