
Advanced OAuth Security | Udemy

tut4it

Advanced OAuth Security | Udemy [ Update 12/2022]
English | Size:
Genre: eLearning

Learn the high-security OAuth extensions described in FAPI: PAR, JAR, JARM, DPoP, Mutual TLS, and HTTP Signatures

What you'll learn
How to leverage the advanced OAuth specifications for high-security applications
Learn the details of the FAPI specifications, including the FAPI Security Profile and FAPI Message Signing
Learn the purpose of JAR, JARM, MTLS, DPoP, HTTP Signatures, and Non-Repudiation
How to apply HTTP Message Signing and JWTs to achieve non-repudiation for every role in an OAuth exchange

Certain applications need a higher level of security compared to what is part of the core OAuth 2.0 specifications. This course will guide you through the details of FAPI, a set of extensions of OAuth 2.0 that provide additional layers of security throughout the OAuth flows.

This course covers the extensions of OAuth developed by the OAuth Working Group at the IETF as well as the OpenID Foundation, including:

PKCE

Authorization Server Issuer Identifier (iss)

Pushed Authorization Requests (PAR)

Mutual TLS (MTLS)

Private Key JWT

Demonstration of Proof of Possession (DPoP)

JWT Response for OAuth Token Introspection

JWT-Secured Authorization Requests (JAR)

JWT-Secured Authorization Response Mode (JARM)

HTTP Signatures

This course is for you because...

You've got a solid understanding of the basics of OAuth, and

You're looking to take your knowledge to the next level

You want to ensure the systems you're building are up to the industry standards in security

You want to deepen your understanding of application security and become a technical leader

Prerequisites

An understanding of HTTP requests, responses, and JSON

A basic understanding of JSON Web Tokens (JWT)

Familiarity with the OAuth authorization code flow

The content is divided into five parts, beginning with an overview of the OAuth authorization code flow, an overview of the security goals set out by FAPI and related extensions, as well as a description of the types of attacks we are concerned about protecting against. Part two focuses on securing the front channel, where we'll discuss authorization code injection attacks, PKCE, authorization server mixup attacks, and using Pushed Authorization Requests. Part three focuses on the back channel, and discusses the differences between Mutual TLS and Private Key JWT for client authentication. Part four is all about proof-of-possession (sender-constraining) access tokens using Mutual TLS and DPoP. Part five discusses how to achieve non-repudiation throughout each leg of the OAuth flow.

Who this course is for:
Software architects, application developers, or technical decision makers
API developers who want to better secure their APIs
Developers and software architects working in high-security fields working with financial or medical records

Code:
https://rapidgator.net/file/28dfefc208269fde48f77c1dcdfdd88e/Advanced.OAuth.Security.part1.rar.html
https://rapidgator.net/file/418f4008e81b9fe435f879395ac83ba6/Advanced.OAuth.Security.part2.rar.html

Code:
https://nitroflare.com/view/C4D01AF921C860B/Advanced.OAuth.Security.part1.rar
https://nitroflare.com/view/842C69D1545B277/Advanced.OAuth.Security.part2.rar
If any links die or there is a problem with unrar, send a request to
Code:
https://forms.gle/e557HbjJ5vatekDV9
 
