Explore >> Select a destination
|
You are here 
|
mathieu.fenniak.net | ||
| | | | |
www.sjoerdlangkemper.nl
|
|
| | | | | This article describes how cross site request forgery works, how sites defend against it and how to bypass these defenses. | |
| | | | |
www.rasikjain.com
|
|
| | | | | Here are three scenarios for implementing authentication workflows. Internet Applications (Public facing) For internet web applications and APIs, Session based (SessionID cookie) and Token Based (JWT) Authentication can be implemented. Session Based: Implemented for a majority of traditional and stateful web applications. Once the user is authenticated, A Session state is created and stored in an external State server or SQL database. The Session state is identified by a unique SessionID.... | |
| | | | |
introvertmac.wordpress.com
|
|
| | | | | What is CSRF ? "Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the website trusts." - Wikipedia CSRF is at 8th position in OWASP... | |
| | | | |
svrooij.io
|
|
| | | I'm super enthusiastic about managed identities, because it allows you to deploy your application without having to worry about credentials. Federated credentials are a way to accomplish the same for none Azure resources. You can use federated credentials to authenticate several tasks inside Github Actions, and thus securely deploy your app to Azure without the need of a secret configured in GitHub. As the regular readers might expect this post will explain how federated credentials actually work inside GitHub Actions, a deep dive into the techniques that are actually driving this feature. Get a federation token from GitHub | ||
