1. Introduction to Web Security and Privacy
2. Core Web Technologies and Security Models
3. Client-Side Vulnerabilities
4. Server-Side Vulnerabilities
5. Cryptography in Web Security
6. Authentication and Authorization
7. Web Privacy
8. Secure Development Lifecycle
9. Advanced Web Security Topics
Authentication and Authorization
Authentication Mechanisms
Password-Based Authentication
Password Policies
Password Managers
Multi-Factor Authentication
Something You Know
Something You Have
Something You Are
MFA Implementation Challenges
Passwordless Authentication
Email Links
SMS Links
Hardware Tokens
Biometric Authentication
Authorization and Access Control
Role-Based Access Control
Roles and Permissions
Implementation Patterns
Attribute-Based Access Control
Policy Definition
Attribute Management
Access Control Lists
Resource-Based ACLs
User and Group Permissions
Insecure Direct Object References
Exploitation Techniques
Prevention Strategies
Federated Identity and Single Sign-On
Security Assertion Markup Language
SAML Assertions
SAML Flows
OpenID Connect
OIDC Protocol Flow
ID Tokens
OAuth 2.0 Framework
OAuth Roles
Resource Owner
Client
Authorization Server
Resource Server
Grant Types
Authorization Code Grant
Implicit Grant
Resource Owner Password Credentials Grant
Client Credentials Grant
Access Tokens and Refresh Tokens
Token Lifetimes
Token Revocation
JSON Web Tokens
JWT Structure
Header
Payload
Signature
Security Considerations
Token Expiry
Signature Verification
Token Storage