AUTHENTICATION AND
AUTHORIZATION IN
WEB APPLICATIONS
SECURITY
Supervisor: D. Mayada Al Meghari
Abed Elilah Elmahmoum
Course: ITCS6322.20447.31.88-
Web Applications Security
CONTENTS
● Introduction
● Concepts
● Authentication vs. Authorization
● Application examples
● Authentication Methods
● Authorization Methods
● Implementation and scenario
INTRODUCTION
There is hardly a way to get through a day without using authentication and authorization, both in real life and online.
CONCEPTS
Authentication
 The process of identifying users that request access to a system, network, or device.
 Answers the question: who are you?
CONCEPTS
Authorization
 The process of controlling what an authenticated user may access, via assigned roles and privileges.
 Answers the question: what are you allowed to do?
Authentication vs. Authorization

                            Authentication                    Authorization
What does it do?            Verifies credentials              Grants or denies permissions
How does it work?           Through passwords,                Through policies and settings
                            biometrics, ...                   maintained by security teams
Is it visible to the user?  Yes                               No (the user sees only the
                                                              outcome, e.g. "access denied")
Is it changeable by         Partially (e.g. changing a        No
the user?                   password or enrolling MFA)
How does data move?         Through ID tokens                 Through access tokens
                            (e.g. OpenID Connect)             (e.g. OAuth 2.0)

Authentication always comes first: an authorization decision is made about an identity that has already been verified.
Application Examples
Applications that use authentication and authorization.
Mobile applications:
 Social media apps (Facebook, Twitter, LinkedIn, ...).
 Google apps (Gmail, Google Play, ...).
 E-commerce apps.
Web applications:
 Microsoft Office.
 Netflix.
 Trello.
Authentication Methods
 Passwords
 Multi-Factor (MFA)
 Single Sign-on (SSO)
 Biometric
 Token authentication
Authentication Methods

Passwords
The most common authentication method: the user proves identity with a secret password. The server must store only a salted, slow hash of it, never the password itself.

Multi-factor (MFA)
Requires two or more independent factors to identify a user: something you know (a password), something you have (a one-time code from an authenticator app or a hardware key), something you are (a fingerprint). A CAPTCHA is not an authentication factor; it only tells humans from bots.

Single Sign-on (SSO)
Enables login to multiple applications via a central identity provider (typically with SAML or OpenID Connect).

Token authentication
Grants access to a user or device based on a token it possesses, e.g. a bearer token issued after login and sent with every request. Anyone holding the token can use it, so tokens must be short-lived and sent only over TLS.

Biometric
Unique biological characteristics of an individual: facial recognition, speaker recognition, fingerprints, and eye (iris or retina) scanners.
Authorization Methods
 Discretionary Access Control (DAC)
 Role-Based Access Control (RBAC)
 Mandatory Access Control (MAC)
 Attribute-based Access Control (ABAC)
Authorization Methods

Discretionary Access Control (DAC)
The owner of a resource decides who may access it, typically through an access control list that names specific users and groups; the owner can pass rights on to others.

Role-Based Access Control (RBAC)
RBAC builds on predefined roles and privileges, assigns users to roles, and configures the system so that only specific roles can access each object.

Mandatory Access Control (MAC)
A central, system-enforced policy (e.g. classification labels on objects and clearances on subjects) defines which files and memory objects a subject can access; neither users nor resource owners can override it.

Attribute-based Access Control (ABAC)
An entity is authorized if the authorization policy engine (not the authentication system) finds that all the attributes required by the policy, covering the subject, the resource, the action and the environment, are true.
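Added example, not from the original slides: each of the four models above as a small decision function over constructed data. The permission names, role table, label levels and policy rules are assumptions made for illustration; the MAC rules follow the Bell-LaPadula confidentiality model (no read up, no write down).

```python
# Added example (not part of the original slides): the four authorization
# models as small decision functions.  Permission names, role tables, labels
# and policy rules are constructed for illustration.
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple


# --- DAC: the resource owner keeps an ACL and may grant rights to others -----
@dataclass
class DacObject:
    owner: str
    acl: Dict[str, Set[str]] = field(default_factory=dict)  # principal -> permissions


def dac_allowed(obj: DacObject, user: str, groups: Set[str], perm: str) -> bool:
    if user == obj.owner:           # owners always have full control over their objects
        return True
    principals = {user, *groups}    # a group entry in the ACL covers all its members
    return any(perm in obj.acl.get(p, set()) for p in principals)


# --- RBAC: user -> roles -> permissions; objects are guarded by permission ----
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "viewer": {"document:read"},
    "editor": {"document:read", "document:write"},
    "admin":  {"document:read", "document:write", "document:delete"},
}
USER_ROLES: Dict[str, Set[str]] = {"alice": {"editor"}, "bob": {"viewer"}, "carol": {"admin"}}


def rbac_allowed(user: str, perm: str) -> bool:
    return any(perm in ROLE_PERMISSIONS.get(role, set())
               for role in USER_ROLES.get(user, set()))


# --- MAC: system-wide labels; neither user nor owner can override them -------
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


def mac_allowed(clearance: str, classification: str, action: str) -> bool:
    """Bell-LaPadula confidentiality rules: no read up, no write down."""
    subject, obj = LEVELS[clearance], LEVELS[classification]
    if action == "read":
        return subject >= obj
    if action == "write":
        return subject <= obj
    return False


# --- ABAC: every predicate of a matching rule must be true --------------------
Predicate = Callable[[dict], bool]
ABAC_POLICY: List[Tuple[str, List[Predicate]]] = [
    ("document:write", [
        lambda ctx: ctx["subject"]["department"] == ctx["resource"]["department"],
        lambda ctx: ctx["env"]["mfa"] is True,          # strong auth for writes
        lambda ctx: 8 <= ctx["env"]["hour"] < 18,       # business hours only
    ]),
    ("document:read", [
        lambda ctx: ctx["subject"]["department"] == ctx["resource"]["department"],
    ]),
]


def abac_allowed(ctx: dict, perm: str) -> bool:
    rules = [preds for p, preds in ABAC_POLICY if p == perm]
    if not rules:
        return False                # deny by default when no rule covers the permission
    return any(all(pred(ctx) for pred in preds) for preds in rules)


if __name__ == "__main__":
    doc = DacObject(owner="alice", acl={"staff": {"document:read"}})
    print("DAC  bob (staff) read :", dac_allowed(doc, "bob", {"staff"}, "document:read"))
    print("RBAC bob write        :", rbac_allowed("bob", "document:write"))
    print("MAC  internal->secret :", mac_allowed("internal", "secret", "read"))
    ctx = {"subject": {"department": "finance"}, "resource": {"department": "finance"},
           "env": {"mfa": False, "hour": 10}}
    print("ABAC write without MFA:", abac_allowed(ctx, "document:write"))
```

Note the difference in who controls the decision: in DAC the owner edits the ACL, in RBAC an administrator edits the role table, in MAC only the system's label policy counts, and in ABAC the answer can change without any change to the user or the resource because environment attributes (MFA, time of day) are part of the policy.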
Implementation and scenario
Monolithic Application Authentication and Authorization:
In a monolithic application, a single security module generally implements both user authentication and authorization.
For example: Software as a service (SaaS) office tools (such as Microsoft Office 365).
Implementation and scenario
Monolithic application user authentication scenario:
• The user enters a username and password.
• The security module verifies the user's identity (checking the password against a stored salted hash, never against a stored plaintext password).
• A session is created for the user with a unique, randomly generated session ID.
• The session stores the logged-in user's information: user name, role, and permissions. It lives on the server; the client only ever holds the ID.
• The server returns the session ID to the client.
• The client stores the session ID as a cookie and sends it with every subsequent request. The cookie should be marked HttpOnly and Secure so that scripts cannot read it and it is never sent over plain HTTP.
• The application can then use the session ID to identify the user without asking for the user name and password again on every request.
Implementation and scenario
Monolithic application user authorization scenario:
• The client accesses the application.
• The session ID is sent to the application along with the HTTP request.
• The security module generally passes every incoming client request through an authorization interceptor.
• The interceptor first checks whether the session ID exists in the server-side session store and has not expired.
• If it does, the user is known to be logged in.
• Then, by looking up the user's rights, it decides whether the user may execute the request or not. The rights come from the server-side session, not from the client: a role stored in a cookie or request parameter could be edited by the user.
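Added example, not from the original slides, implementing both scenarios above (the login flow and the authorization interceptor) in one module: a server-side session store, the Set-Cookie value the login step returns, and the interceptor that checks the session and then the user's rights on every request. The credential store, the 15-minute idle timeout, the cookie name and the permission table are assumptions made for illustration.

```python
# Added example (not part of the original slides): the monolithic login flow
# and the authorization interceptor from the two scenarios above, in one module.
# Credential store, timeout, cookie name and permission table are assumptions.
import hashlib
import hmac
import os
import secrets
import time
from http.cookies import SimpleCookie
from typing import Optional

SESSION_TTL = 15 * 60   # idle timeout in seconds (assumption)
COOKIE_NAME = "sessionid"
ROLE_PERMISSIONS = {"viewer": {"GET /docs"}, "editor": {"GET /docs", "POST /docs"}}
SESSIONS: dict = {}     # session id -> {"user", "role", "expires"}; server side only


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)


def create_session(username: str, role: str) -> str:
    """256-bit id from the OS CSPRNG: unguessable and unrelated to the user name."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": username, "role": role, "expires": time.time() + SESSION_TTL}
    return sid


def login(username: str, password: str, credentials: dict,
          old_sid: Optional[str] = None) -> Optional[str]:
    """Verify the password, discard any pre-login session (fixation defence) and
    return the Set-Cookie header value carrying the new session id."""
    record = credentials.get(username)
    if record is None or not hmac.compare_digest(_hash(password, record["salt"]), record["hash"]):
        return None
    SESSIONS.pop(old_sid, None)
    sid = create_session(username, record["role"])
    # HttpOnly: scripts cannot read it; Secure: sent only over TLS; SameSite: limits CSRF.
    return "%s=%s; HttpOnly; Secure; SameSite=Lax; Path=/; Max-Age=%d" % (COOKIE_NAME, sid, SESSION_TTL)


def session_from_request(headers: dict) -> Optional[dict]:
    """Interceptor step 1: does the presented id exist in the store and is it unexpired?"""
    morsel = SimpleCookie(headers.get("Cookie", "")).get(COOKIE_NAME)
    if morsel is None:
        return None
    session = SESSIONS.get(morsel.value)
    if session is None:
        return None
    if session["expires"] < time.time():
        del SESSIONS[morsel.value]      # expired: behave exactly as if never logged in
        return None
    session["expires"] = time.time() + SESSION_TTL   # sliding idle timeout
    return session


def authorize(request: dict) -> int:
    """Interceptor step 2: 401 if not logged in, 403 if logged in but not permitted."""
    session = session_from_request(request["headers"])
    if session is None:
        return 401
    action = "%s %s" % (request["method"], request["path"])
    # The role is read from the server-side store, never from anything the client sent.
    if action not in ROLE_PERMISSIONS.get(session["role"], set()):
        return 403
    return 200


# Constructed demo users (not real credentials).
def _user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "role": role}


CREDENTIALS = {"alice": _user("alice-demo-pw", "editor"), "bob": _user("bob-demo-pw", "viewer")}


def session_id(set_cookie: str) -> str:
    """Extract the id from a Set-Cookie value, as the browser would store it."""
    return set_cookie.split(";", 1)[0].split("=", 1)[1]


if __name__ == "__main__":
    cookie = login("bob", "bob-demo-pw", CREDENTIALS)
    headers = {"Cookie": "%s=%s" % (COOKIE_NAME, session_id(cookie))}
    print("bob GET  /docs:", authorize({"method": "GET", "path": "/docs", "headers": headers}))
    print("bob POST /docs:", authorize({"method": "POST", "path": "/docs", "headers": headers}))
    print("no cookie     :", authorize({"method": "GET", "path": "/docs", "headers": {}}))
```

Two details carry most of the security value: the session id is the only thing the client holds, so a tampered cookie can at worst be an unknown id (401), never a forged role; and a session presented after its idle timeout is deleted on the spot, so an id that leaks later is useless.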
Do you have any questions?