JWTs in Java for CSRF and Microservices

Post on 13-Jan-2017

238 views 6 download

Preview:

Click to see full reader
Report this document
SHARE

Transcript of JWTs in Java for CSRF and Microservices

••••

User Data

User Workflows Google ID

Your ApplicationsApplication SDK

Application SDK

Application SDK

ID Integrations

Facebook

Active Directory

SAML

encodeSecret =

"4pE8z3PBoHjnV1AhvGk+e8h2p+ShZpOnpr8cwHmMh1w="

computeHMACSHA256(

header + "." + payload,

base64DecodeToByteArray(encodedSecret)

)

Signature Computation Pseudo-code

.signWith( SignatureAlgorithm.HS256, "secret".getBytes("UTF-8") )

Short but not Sweet

String b64EncodedSecret =

"Yn2kjibddFAWtnPJ2AFlL8WXmohJMCvigQggaEypa5E=";

.signWith(

SignatureAlgorithm.HS256,

b64EncodedSecret.getBytes("UTF-8")

)

You’re Doing it Wrong

String b64EncodedSecret =

"Yn2kjibddFAWtnPJ2AFlL8WXmohJMCvigQggaEypa5E=";

.signWith(

SignatureAlgorithm.HS512,

TextCodec.BASE64.decode(b64EncodedSecret)

)

Supersize that Secret!

AuthenticationServiceAuthorizationServiceApplicationService

OrganizationServiceDirectoryServiceAccountServiceGroupService

DatabaseInfrastructure

DatabaseInfrastructure

GroupServiceAccountService

AuthenticationService AuthorizationService

ApplicationService OrganizationService DirectoryService

●○○

●●●●●●

○●

Top related

csrf(Crosss-Site Request Forgeries)
 Documents
JAW: Studying Client-side CSRF with Hybrid Property Graphs and … · 2021. 5. 16. · Client-side CSRF is a new category of CSRF vulnerability where the adversary can trick the client-side
 Documents
Web Security: Session management and CSRF
 Documents
Common Websites Security Issues - IL Hackilhack.org/...security_issues_Ziv_Perry_FatFish.pdf · SYN flooding XSS CSRF Sql injection. XSS CSRF Sql injection. XSS CSRF Cross Site Scripting
 Documents
NEUROPSYCHOLOGICAL CHANGES FOLLOWING - CSRF
 Documents
CSRF is dead - stephenreescarter.net€¦ · Browser rejects CSRF cookie when visiting mysite.com CSRF Cookie defaults to SameSite=Lax and is rejected by the browser due to the cross-site
 Documents
Oh no, was that CSRF #Ouch
 Technology
JWTs for CSRF and Microservices
 Technology
Microservices - NYS Forum Home cb..1.pdf · Agenda Technology What are Microservices? Characteristics of Microservices Microservices and SOA Challenges Strategy Adoption –Microservices
 Documents
CSRF Bouncing
 Documents
Tamper Data: CSRF examined toolsmith
 Documents
Microservices: Aren't Microservices Just SOA?
 Technology
WEB SECURITY: XSS & CSRF - University Of Maryland · XSS & CSRF CMSC 414 FEB 22 2018. Cross-Site Request Forgery (CSRF) URLs with side-effects
 Documents
Csrf change dns
 Internet
MICROSERVICES. MICROSERVICES CON WSo2. · PDF file1 Microservices. icroservices on So2 Sunqu 2016 WhitePaper MICROSERVICES. MICROSERVICES CON WSo2. por Julio Cejas - IT Advisor SUNQU
 Documents
Cross-site Request Forgery (CSRF)
 Documents
OWASP CSRF Protector_Minhaz
 Technology
[Php Camp]Owasp Php Top5+Csrf
 Education
Cross-site Request Forgery (CSRF) Attacks
 Documents
OWASP CSRF Protector
 Software

Copyright © 2022 FDOCUMENTS