Authentication
Authentication is the process of verifying that a user, device, or system is who or what it claims to be, typically before granting access to a resource. It is distinct from authorization, which determines what an authenticated identity is allowed to do, and is commonly implemented via passwords, tokens, biometrics,…
57 resources across 3 libraries
Glossary Terms(11)
OWASP
OWASP (Open Worldwide Application Security Project) is a nonprofit foundation dedicated to improving software security through open, community-driven resources…
Zero Trust
Zero Trust is a security model built on the principle 'never trust, always verify': no user, device, or network location is trusted by default, even inside a t…
VPN
A VPN (Virtual Private Network) creates an encrypted tunnel between a device and a remote network or gateway over the public internet, making traffic appear as…
SSL
SSL (Secure Sockets Layer) is the original cryptographic protocol for encrypting communication between a client and a server over a network, developed by Netsc…
TLS
TLS (Transport Layer Security) is the standard cryptographic protocol for securing data in transit over a network, succeeding SSL. It provides encryption, data…
Authentication
Authentication is the process of verifying that a user, device, or system is who or what it claims to be, typically before granting access to a resource. It is…
Authorization
Authorization is the process of determining what an authenticated identity is permitted to do within a system — which resources it can read, modify, or delete.…
OAuth
OAuth is an open standard authorization protocol that lets a user grant a third-party application limited access to their resources on another service, without…
JSON Web Token (JWT)
A JSON Web Token (JWT) is a compact, URL-safe, digitally signed token format used to represent claims — such as a user's identity or permissions — that can be…
Session Management
Session management is the set of techniques a web application uses to track a user's state — such as being logged in — across multiple HTTP requests, since HTT…
Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) is an attack that tricks an authenticated user's browser into unknowingly submitting a malicious request to a web application…
Study Notes(27)
Authentication in WCF
How WCF authenticates callers via clientCredentialType options across transport and message security, including Windows, Certificate, UserName, and IssuedToken.
Authentication in MVC
How ASP.NET MVC applications verify user identity using Forms Authentication, ASP.NET Identity, OWIN middleware, and external login providers.
Authorization and Roles
How ASP.NET MVC restricts access to controllers and actions using the [Authorize] attribute, role-based checks, and custom policy-style filters.
Kerberos Authentication
How Active Directory's ticket-based Kerberos protocol authenticates users and services without repeatedly transmitting passwords, and how to diagnose its most…
Authentication and AuthorizeView
Learn how Blazor's AuthenticationStateProvider, AuthorizeView, and the [Authorize] attribute work together to build authentication-aware UI.
Authentication with ASP.NET Core Identity
Learn how ASP.NET Core Identity manages users, passwords, and cookie-based sign-in for server-rendered and hybrid applications.
JWT Bearer Authentication
Understand how to secure ASP.NET Core Web APIs with stateless JSON Web Tokens issued and validated via the JWT bearer scheme.
Authentication and Storage State Reuse
Save and reuse Playwright's storageState to skip repeated UI logins, share auth across projects, and manage multiple user roles.
Handling Authentication in Tests
Learn how to bypass slow UI logins with programmatic authentication and cy.session() caching, and how to handle third-party SSO safely.
PowerShell for Azure
Use the Az PowerShell module to authenticate, provision, and automate Azure resources at scale.
OAuth vs Authentication
Clears up the most common OAuth misconception: OAuth 2.0 is an authorization protocol, not an authentication protocol, and explains where OpenID Connect fits i…
Authentication and the Handshake
Understand the Socket.IO handshake process and how to securely authenticate clients using the auth payload, middleware, and token renewal on reconnect.
Security Considerations
How to authenticate, authorize, and harden Socket.IO connections against common attacks.
RabbitMQ Security Basics
Core practices for securing a RabbitMQ deployment: authentication, authorization, TLS, and network hardening.
Broken Authentication Risks
Understand how authentication mechanisms fail in practice — from credential stuffing to weak session handling — and how OWASP frames these risks.
Multi-Factor Authentication
Understand the categories of authentication factors, how TOTP and WebAuthn work under the hood, and why MFA dramatically reduces account-takeover risk.
Elasticsearch Security Basics
Core security features of Elasticsearch: authentication, role-based access control, TLS, and audit logging.
gRPC Authentication with TLS
How gRPC uses TLS and mutual TLS to secure transport, and how call credentials layer token-based authorization on top for production services.
Authentication and Authorization in Spring
How Spring Security distinguishes proving identity (authentication) from granting access (authorization), covering roles, method security, and JWT-based statel…
User Authentication in Flask
Understand the core building blocks of authenticating users in Flask: password hashing, login forms, and session-backed identity.
User Authentication in Django
Django's auth framework provides a User model, session-based login/logout, password hashing, and decorators to protect views — all ready to use out of the box.
Authentication Patterns in Next.js
How to implement session-based and token-based authentication in Next.js, protect routes with middleware, and handle auth in Server Components and Server Actio…
Authentication and Authorization in GraphQL
Learn how to authenticate requests and enforce field-level authorization in a GraphQL API, and avoid common security pitfalls.
Authentication Basics and JWT
Learn how authentication works in web APIs and how JSON Web Tokens (JWT) provide a stateless way to verify user identity.
Showing 24 of 27.
Interview Questions(19)
What Are the Basic Security Mechanisms in an Operating System?
An operating system enforces security through authentication (verifying who a user is), authorization (deciding what an authenticated user may do via permissio…
What is LDAP (Lightweight Directory Access Protocol)?
LDAP (Lightweight Directory Access Protocol) is an application-layer protocol, typically running on TCP port 389 (or 636 for LDAPS), used to query and modify h…
HTTP Headers Explained: Key Types and Uses
HTTP headers are key-value metadata sent alongside a request or response that control behavior without touching the body — covering content negotiation (Accept…
What is RADIUS (Remote Authentication Dial-In User Service)?
RADIUS (Remote Authentication Dial-In User Service) is a client-server networking protocol that centralizes AAA — Authentication, Authorization, and Accounting…
What is TACACS+?
TACACS+ (Terminal Access Controller Access-Control System Plus) is a Cisco-designed AAA protocol that fully encrypts the entire packet body and separates authe…
What is Kerberos in Networking?
Kerberos is a network authentication protocol that uses trusted third-party ticket-granting servers and symmetric-key cryptography to let clients and services…
What is an API Gateway (from a Networking Perspective)?
An API gateway is a single, network-facing entry point that sits in front of a collection of backend services and handles cross-cutting request concerns — rout…
What is a Replay Attack?
A replay attack is when an attacker captures a legitimate, valid piece of network traffic — such as an authentication token or transaction request — and retran…
What is an API Gateway?
An API gateway is a single entry point that sits in front of a system’s backend services, routing client requests to the right service while centrally handling…
API Gateway vs Load Balancer: What Is the Difference?
A load balancer distributes incoming traffic across multiple identical instances of a single service to spread load and provide failover, while an API gateway…
How Do You Manage User Sessions Across Multiple Servers?
Distributed session management means ensuring a logged-in user’s session data is available no matter which of many stateless application servers handles their…
Cookies vs Sessions vs JWT
A cookie is a small piece of data the browser stores and sends back with each request; a session keeps user state on the server and uses a cookie holding only…
What Is OAuth?
OAuth is an authorization framework that lets a user grant a third-party application limited access to their resources on another service, without ever sharing…
What is CSRF?
CSRF (Cross-Site Request Forgery) is an attack where a malicious site tricks a victim's browser into sending an authenticated request to another site the victi…
What Are JWT Security Best Practices?
Secure JWT usage means always validating the signature with a fixed, expected algorithm on the server, keeping tokens short-lived with refresh rotation, storin…
What Is a Session Fixation Attack and How Do You Prevent It?
Session fixation is an attack where an attacker sets or predicts a victim’s session identifier before login and then, once the victim authenticates using that…
What Is Refresh Token Rotation?
Refresh token rotation is a security pattern where every time a refresh token is used to obtain a new access token, the server also issues a brand-new refresh…
What Is the API Gateway Pattern?
An API gateway is a single entry point that sits in front of a set of backend services, routing each incoming request to the right service while centrally hand…
What is an API Gateway?
An API Gateway is a single, managed entry point that sits in front of a set of backend services, handling cross-cutting concerns like authentication, rate limi…