Commit bf702f3

1 parent 47e8db4 commit bf702f3

3 files changed

Lines changed: 57 additions & 15 deletions

Lines changed: 56 additions & 0 deletions
@@ -0,0 +1,56 @@
1+
what’s JWT?
2+
3+
JSON Web Token(JWT) is an open standard (RFC7519) for securely transmitting information between endpoints as JSON Objects. It is mainly
4+
used to prove that the sent data was actually created by authentic source.
5+
6+
JWT Consists Of Three Concatenated Base64Url-Encoded strings, separated by dots (.)
7+
8+
They Are:
9+
10+
1. Header
11+
2. Payload
12+
3. Signature
13+
14+
A JWT Typically looks like:
15+
16+
xxxxx.yyyyy.zzzzz
17+
18+
1. Header:
19+
20+
The First Part Typically Consists Of Two Parts; the type of the token, which is JWT, and the signing algorithm being used such as HMAC SHA256 or RSA.
21+
If you don’t define the algorithm, it uses HS256 by default.
22+
23+
For example:
24+
25+
{
26+
27+
“alg”: “HS256”,
28+
“typ”: “JWT”
29+
}
30+
31+
2. Payload:
32+
33+
The second part consists of a set of claims that are basically verifiable security statements, such as the identity of the user and the permissions they are allowed.
34+
There are three types of claims: registered, public, and private claims. Note that the claim names are short as JWT is meant to be compact for fast requests.
35+
And wait! Be careful not to put sensitive data such as passwords in your payload as this can easily be decoded.
36+
37+
An example payload could be:
38+
39+
{
40+
“sub”: “123456789”,
41+
“name”: “Will Smith”,
42+
“admin”: true
43+
}
44+
45+
3. Signature:
46+
47+
The last part is the signature which is the sum of the encoded header, the encoded payload, a secret, and lastly, the algorithm which is specified in the header.
48+
49+
For example, if you want to use the HS256 algorithm, the signature would be created in the following way:
50+
51+
HS256 (
52+
base64UrlEncode(header) + “.” +
53+
base64UrlEncode(payload),
54+
secret
55+
56+
)
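
Review bot: line 21 states "If you don't define the algorithm, it uses HS256 by default" as though it were part of the token format, but `alg` is a required header parameter in JWS (RFC 7515), and HS256 is only what some libraries pick when signing. Suggest rewording it as a library default and adding that the verifier should fix the algorithm it accepts instead of reading it from the token header. Line 47 calls the signature "the sum of" the encoded header, payload, secret and algorithm; it is a keyed MAC (HMAC-SHA256 for HS256) computed with the secret over base64UrlEncode(header) + "." + base64UrlEncode(payload), which is what lines 51-56 show. Line 3 says "securely transmitting", while line 35 correctly warns the payload can be decoded, so it is worth saying up front that a signed JWT gives integrity, not confidentiality. The JSON samples at lines 27-28 and 40-42 and the "." at line 52 use curly quotes, which makes them invalid when copied; use straight quotes. The stray blank lines 26 and 55 inside the examples can go.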
Lines changed: 0 additions & 15 deletions
@@ -1,8 +1,5 @@
11
<h2>HTTPS: </h2>
22

3-
4-
5-
63
<h2>Kerbrose: </h2>
74

85
KDC
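
Review bot: the heading at new line 3 reads "Kerbrose", which should be "Kerberos"; since this commit is already tidying the file, correct the spelling here. The "HTTPS:" heading at line 1 is followed directly by the next heading with no content, so either fill it in or drop it until there is something to say.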
@@ -17,34 +14,22 @@
1714
| | |
1815
|_______________|_________|
1916

20-
21-
2217
<h2></h2>
2318

24-
25-
2619
<h2></h2>
2720

28-
29-
3021
<h2></h2>
3122

32-
3323
<h2></h2>
3424

35-
3625
<h2></h2>
3726

38-
3927
<h2></h2>
4028

4129
<h2></h2>
4230

43-
4431
<h2></h2>
4532

46-
4733
<h2></h2>
4834

49-
5035
<h2></h2>
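
Review bot: new lines 17-35 still carry ten empty `<h2></h2>` elements, and removing the blank lines between them does not change that they render as empty headings. Suggest deleting the placeholders and adding each heading when its section is written.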

14.CyberSecurity/ssh.md

Lines changed: 1 addition & 0 deletions
@@ -1,2 +1,3 @@
11
https://hsploit.com/ssh-brute-force-protection-with-fail2ban/
2+
23
https://null-byte.wonderhowto.com/how-to/hack-like-pro-linux-basics-for-aspiring-hacker-part-15-creating-secure-tunnel-mysql-0150916/
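
Review bot: the added blank line at line 2 only separates two bare URLs, and the file gives no indication of what each link covers. Suggest turning them into a Markdown list with link text, for example naming the first as the fail2ban SSH brute-force protection guide and the second as the secure tunnel to MySQL tutorial, as their URLs indicate.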
