Question

in 300 words, Give a deep dive of the parts of the chapter talking about encryption and session tokens. Should we sue them, what issues are there, what should we keep in mind, etc

Answer 1

Encryption and session tokens --

• The session tokens include cookies, SessionID, Hidden Field.
• If the session tokens has exposed then attacker can access the victim's data easily.
• so it is very important to protect transition of data between the client browser and application server.
• The security applies to the transfer of sensitive session ID data. the personal proxy ascertian each request and response which include --
• HTTP headers
• Protocol used(HTTP and HTTPS)
• Message body (Post or page content)
• The session Id data is passed between client and server, cache, privacy, protocol and body should be checked.
• Here the session ID is passed inGET and POST request.
• To protect your data, SSL encryption should be used. encryption of the session ID should be considered separatly from transport encryption because the session ID is being protected, not the data.
• The most used session tokens are --
• Long lived access tokens, medium term lived access token which is used to get a new access token and medium term lived session that extend expiry, short lived access token,
• Encryption make the file or message readable only by certain people. Encryption uses algorithm to encrypt the data and then uses key fr receiving party to decrypt the information.
• The message is refered as plain text but when it is encrypted it refered to as ciphertext.
• The main types of encryption are -- symmetric encryption and asymmetric encryption or public key encryption.
• Symmetric encryption -- in this, there is only one key and all the parties uses the same key for encryption and decryption.
• Asymmetric encryption -- in this encryption there are two keys, one is used for encryption ad other is used for decryption.
• some algorithm for encryption are -- Blowfish, AES, RC4 RC5 RC6, Twofisha and DES.

Issues of encryption and session tokens --

• The tokens are stored at the frontend ad backend and send over the network which is depending on the session flow. so here several issues can ocuur like-
• MAn in the middle attack
• XSS. , CSRF.
• Database files access
• OAuth token theft
• Session fixation
• Social engineering and physical access.
• The common encryption issues can be -- Big Data lakes, Cloud platform, Analysis involving sensitive data,