Web application developers are always on the lookout for ways to secure their applications. It has become the most fundamental part of any web application considering the rise in the number of cyber-attacks. This course will be your handy guide to the basic terminologies and frameworks related to web application security.

 In this course, you will learn what JWT is, how a JWT is created, and what benefits it provides in token-based authentication. You will learn about why HTTPS was introduced and how it revolutionized the way data is transferred using techniques like encryption and handshake. You will also dive deep into the most commonly used authentication and authorization frameworks called OAuth and OpenId Connect. This course will give you a taste of what web API security is all about and will give you the foundation so you can further your learning of application security.

Web Security and Access Management: JWT, OAuth2 & OpenId Connect

Until now, we have not discussed a very important aspect of JWT, the key management.

Let us look at some questions that can be raised regarding keys.


_1. Will the secret key always remain the same, or will it be changed after regular intervals?_

_2. If the secret key is changed, then what would happen to the tokens signed by older keys?_

_3. If we are using asymmetric signing and the private key is changed, how will we share the new public keys with all the applications?_



We will answer each of these questions one by one.

This lesson discusses various methods that can be used for key management.

Getting started with Web Application Security

HTTPS Basics

JSON Web Token

OAuth

OpenID Connect

Conclusion

Cryptographic Key Management