<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>security on Jaaved Ali Khan</title><link>https://jaaved.netlify.app/tags/security/</link><description>Recent content in security on Jaaved Ali Khan</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><lastBuildDate>Tue, 07 May 2024 22:22:14 +0300</lastBuildDate><atom:link href="https://jaaved.netlify.app/tags/security/index.xml" rel="self" type="application/rss+xml"/><item><title>Cryptography</title><link>https://jaaved.netlify.app/notes/cryptography--20220327-095852/</link><pubDate>Tue, 07 May 2024 22:22:14 +0300</pubDate><guid>https://jaaved.netlify.app/notes/cryptography--20220327-095852/</guid><description>tags :
Summary # Cryptography is the study of secure communications techniques that allow only the sender and intended recipient of a message to view its contents, with the added benefit of being able to prove the correctness of the message and the identity of the sender. Very valuable indeed.
The term is derived from the Greek word kryptos, which means hidden.
It is closely associated with encryption, which is the act of scrambling ordinary text into what&amp;rsquo;s known as ciphertext and then back again upon arrival</description></item><item><title>Public-key Cryptography</title><link>https://jaaved.netlify.app/notes/public_key_cryptography--20230528-171205/</link><pubDate>Sat, 23 Sep 2023 14:06:55 +0300</pubDate><guid>https://jaaved.netlify.app/notes/public_key_cryptography--20230528-171205/</guid><description>tags :
Summary # wikipedia
The limitation of symmetric-key cryptography is that the key has to be exchanged; with public-key cryptography only the public key is shared, and the private key never leaves its owner.
Not efficient: computationally expensive.
# Validating the authenticity of public keys at Internet scale is a formidable challenge. The Public Key Infrastructure, used to implement on the web, addresses this problem by trusting a third party known as to vouch for public keys.</description></item><item><title>Encryption</title><link>https://jaaved.netlify.app/notes/encryption--20220327-100236/</link><pubDate>Tue, 12 Sep 2023 12:30:20 +0400</pubDate><guid>https://jaaved.netlify.app/notes/encryption--20220327-100236/</guid><description>Summary # Def 1 # Encryption is a means of securing digital data using one or more mathematical techniques, along with a password or &amp;ldquo;key&amp;rdquo; used to decrypt the information. The encryption process translates information using an algorithm that makes the original information unreadable. ref
Def 2 # Encryption is the process of using a to convert plain text messages to unreadable
Decryption is the reverse of that process. Mathematically, encryption is: function(plain text) = ciphertext</description></item><item><title>Diff csrftoken cookie vs csrfmiddlewaretoken in Django?</title><link>https://jaaved.netlify.app/notes/diff_csrftoken_cookie_vs_csrfmiddlewaretoken_in_django--20210912-103213/</link><pubDate>Sat, 14 Jan 2023 20:20:48 +0400</pubDate><guid>https://jaaved.netlify.app/notes/diff_csrftoken_cookie_vs_csrfmiddlewaretoken_in_django--20210912-103213/</guid><description>Answer # ref: # https://stackoverflow.com/questions/5588374/django-csrftoken-cookie-vs-csrfmiddlewaretoken-html-form-value
related # When a user visits a site, the site should generate a (cryptographically strong) pseudorandom value and set it as a cookie on the user&amp;rsquo;s machine. The site should require every form submission to include this pseudorandom value as a form value and also as a cookie value. When a POST request is sent to the site, the request should only be considered valid if the form value and the cookie value are the same.</description></item><item><title>XSS</title><link>https://jaaved.netlify.app/notes/xss--20210912-104338/</link><pubDate>Sat, 14 Jan 2023 20:16:05 +0400</pubDate><guid>https://jaaved.netlify.app/notes/xss--20210912-104338/</guid><description>Summary # This attack is more dangerous than , much greater damage can be done.
Details # Cross-site scripting (XSS) is a type of web application security vulnerability typically found in web applications.
XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users.
A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.</description></item><item><title>TLS</title><link>https://jaaved.netlify.app/notes/tls--20220327-103128/</link><pubDate>Wed, 06 Apr 2022 09:59:20 +0300</pubDate><guid>https://jaaved.netlify.app/notes/tls--20220327-103128/</guid><description>Summary # Transport Layer Security (TLS), the successor of the now-deprecated Secure Sockets Layer (SSL), is a cryptographic protocol.
TLS paired with HTTP is called HTTPS. TLS runs as a separate layer that wraps TCP connections. It supplies only the security for the connection and does not involve itself in the HTTP transaction. Because of this hygienic architecture, TLS can secure not only HTTP but also other protocols such as SMTP.</description></item><item><title>Same-Origin Policy</title><link>https://jaaved.netlify.app/notes/same_origin_policy--20210912-105009/</link><pubDate>Mon, 04 Apr 2022 10:31:48 +0300</pubDate><guid>https://jaaved.netlify.app/notes/same_origin_policy--20210912-105009/</guid><description>Summary # The same-origin policy is a critical security mechanism that restricts how a document or script loaded by one origin can interact with a resource from another origin.
It helps isolate potentially malicious documents, reducing possible attack vectors. For example, it prevents a malicious website on the Internet from running JS in a browser to read data from a third-party webmail service (which the user is signed into) or a company intranet (which is protected from direct access by the attacker by not having a public IP address) and relaying that data to the attacker.</description></item></channel></rss>