Please enable JavaScript.

Coggle requires JavaScript to display documents.

Web application security - Coggle Diagram

- - - - Reflected cross site scripting
      - Stored cross site scripting
    - - validate data
      - sanitize data
  - - - csrf using get
      - csrf using post
    - - anti csrf token
      - same site cookie
  - - - flood attack
        
        ICMP flood
        
        SYN flood
      - Crash attack
    - - black hole routing
      - rate limiting
- - - - domain validation
      - organisation validation
      - extended validation
    - - single name
      - wild card
      - multi domain
    - - authenticity
      - confidentiality
      - message integrity
  - - - benefits
        
        scalable and stateless
        
        secure
        
        helpful in authorization
        
        can be generated anywhere
      - types
        
        access token
        
        refresh token
      - jwt
        
        types
        
        singed(jws)
        
        encrypted(jwe)
        
        use cases
        
        authorization
        
        information exchange
        
        structure
        
        header
        
        alg
        
        header
        
        payload
        
        registered claim names
        
        iss
        
        sub
        
        aud
        
        exp
        
        nbf
        
        iat
        
        jti
        
        public claim names
        
        private claim names
        
        signature