A 401 status code is returned when?
when authentication is required.
Name any OWASP API Security Top 10 issue.
Judge Validates
JWT stands for?
JSON Web Token
In the OAuth flow, is the client the user who owns the data and can allow or disallow an app's access to that data?
No, it is the resource owner.
A 403 status code is returned when?
When a consumer is authenticated but not authorized to access an operation.
The mobile API breach (discussed today) was an example of what kind of vulnerability?
Broken Object Level Authorization
A JWT is in what format?
header.body.signature
Can OAuth take care of complete identity management, including both authorization and authentication?
No, OIDC is used for authentication.
Your API resource does not allow deletion, and a client application attempted to delete the resource. What HTTP response code should you return?
405 Method Not Allowed
A mechanism set up to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.
HoneyPot
Is eyJhbGciOiJub25lIn0.eyJzdWIiOiJ1c2VyMTIzIiwic2Vzc2lvbiI6ImNoNzJnc2IzMjAwMDB1ZG9jbDM2M2VvZnkiLCJuYW1lIjoiUHJldHR5IE5hbWUiLCJsYXN0cGFnZSI6Ii92aWV3cy9zZXR0aW5ncyJ9 a valid JWT?
Yes
Do I need to create a new OAuth token every time I access a resource?
No, the token can be used until it expires.
A 429 status code is returned when?
Too many requests (to prevent brute force)
A collection of internet-connected devices infected by malware that allows attackers to control them.
Botnet
What is the difference between the RS256 and HS256 algorithms?
HS256 creates a signature for a given sample of data using a single (shared) key.
RS256 uses a pair of keys (a private key to sign, a public key to verify) to do the same.
What response do we get when we send an expired OAuth token?
The server returns a 401 error code.