Web application developers are always on the lookout for ways to secure their applications. It has become the most fundamental part of any web application considering the rise in the number of cyber-attacks. This course will be your handy guide to the basic terminologies and frameworks related to web application security.

 In this course, you will learn what JWT is, how a JWT is created, and what benefits it provides in token-based authentication. You will learn about why HTTPS was introduced and how it revolutionized the way data is transferred using techniques like encryption and handshake. You will also dive deep into the most commonly used authentication and authorization frameworks called OAuth and OpenId Connect. This course will give you a taste of what web API security is all about and will give you the foundation so you can further your learning of application security.

Web Security and Access Management: JWT, OAuth2 & OpenId Connect

## What is web application security?

Web application security deals with securing websites, mobile apps, and web APIs. Hackers subject web applications to different kinds of attacks, with the objective of stealing data or defacing a website.

Types of attacks differ based on the mode of attack and the attacker's objective. Common web attacks include SQL Injection, Cross-site scripting attack, Cross-site Request forgery, and Denial-of-Service attack. We will discuss some of them in the upcoming lessons.



## Why do we need to secure web applications?

As many things are moving online, attackers have easier access to information shared on the internet. Millions of financial transactions take place over the Internet every day, and large amounts of private data is shared.
If a web application is not secured, then it can cause a considerable loss to its users. To safeguard the interest of its users, the owners of any given website must take the necessary steps to prevent attacks. It is the responsibility of the website owners to put a proper system in place so only the intended users can view its data and perform actions on the website.


## Prerequisites
There are no prerequisites for this course. This course assumes that you are completely new to web application security and introduces all the topics from scratch.

## What you will learn from this course

By the end of this course, you will be familiar with the different authentication and authorization frameworks like OAuth and OpenId Connect. You will also get to know different authentication mechanisms, like session-based and token-based authentication. Finally, you will gain a good understanding of what JSON Web Tokens are and how they work.

---
We will start this course by discussing some of the most common attacks on web applications. In the next lesson, we will discuss the Cross-site Scripting Attack. 


# What is web application security?

Web application security deals with securing websites, mobile apps, and web APIs. Hackers subject web applications to different kinds of attacks, with the objective of stealing data or defacing a website.

Types of attacks differ based on the mode of attack and the attacker's objective. Common web attacks include SQL Injection, Cross-site scripting attack, Cross-site Request forgery, and Denial-of-Service attack. We will discuss some of them in the upcoming lessons.



# Why do we need to secure web applications?

As many things are moving online, attackers have easier access to information shared on the internet. Millions of financial transactions take place over the Internet every day, and large amounts of private data is shared.
If a web application is not secured, then it can cause a considerable loss to its users. To safeguard the interest of its users, the owners of any given website must take the necessary steps to prevent attacks. It is the responsibility of the website owners to put a proper system in place so only the intended users can view its data and perform actions on the website.


# Prerequisites
There are no prerequisites for this course. This course assumes that you are completely new to web application security and introduces all the topics from scratch.

# What you will learn from this course

By the end of this course, you will be familiar with the different authentication and authorization frameworks like OAuth and OpenId Connect. You will also get to know different authentication mechanisms, like session-based and token-based authentication. Finally, you will gain a good understanding of what JSON Web Tokens are and how they work.

---
We will start this course by discussing some of the most common attacks on web applications. In the next lesson, we will discuss the Cross-site Scripting Attack. 


In this lesson we will explore what web application security is and why we need it.

Getting started with Web Application Security

HTTPS Basics

JSON Web Token

OAuth

OpenID Connect

Conclusion

Introduction

What is web application security?

Why do we need to secure web applications?

Prerequisites

What you will learn from this course