Security and Authentication

Secure Coding Guide

Security programming and secure coding guide.

• Secure Coding Overview
• Information Exposure Through Error Messages
• SQL Injection
• Cross-Site Scripting (XSS)
• Automatic Connection to an Untrusted URL
• System Data Information Exposure
• Upload of Dangerous File Types
• Path Manipulation and Resource Injection
• Hard-coded Passwords
• Weak Password Requirements
• One-way Hash Functions Without Salt
• Use of Weak Cryptographic Algorithms
• Missing Limits on Repeated Authentication Attempts
• Operating System Command Injection
• Null Pointer Dereference
• Improper Resource Release
• Improper Authorization

OAuth 2.0

OAuth 2.0 is an authorization framework for delegated access.

Kerberos

Kerberos is a ticket-based network authentication protocol.

SAML (Security Assertion Markup Language)

SAML exchanges authentication and authorization assertions in XML.

Cryptography

Cryptography protects data through hashing and encryption.

What is JWT?

JWT is a self-contained token format used to exchange claims between systems.