Security Flashcards
Authentication
verifying the identity of something (user, system)
Authorization
checking what permissions to give that entity
Encryption
Transforming data so it is unreadable to people without the key. Turn plain text into cipher text. (Hash function)
What do SSL and TLS do?
allow clients to create secured sessions. Encryption happens automatically
describe the difference between the public and the private key
The public key is kept somewhere accessible by clients and used to encrypt data. The private key is kept secret and used to decrypt messages.
Digital certificate
data files used to establish the identity of users and electronic assets
How does a digital certificate establish the secure connection?
DS copied to CA. When the client accesses the web app, the CA sends the DS. The client uses the CA's public key to decode the DS. Once the client verifies the identity, it can use the company's public key to encrypt/decrypt messages.
reasons to use OAuth2.0
Don't need to handle users and roles, good UI, and rely on well-established services.
resource owner
the user giving access to some portion of their account
resource server
the API server used to access the user's info
Authorisation server
the server that presents the interface where the user approves or denies the request
client
the application attempting to access the user's account
What are the 3 grant types?
authorization code, client credentials and password