Question

In: Computer Science

In 300 words, give a deep dive of the parts of the chapter talking about encryption and session tokens. Should we use them, what issues are there, what should we keep in mind, etc.

Solutions

Expert Solution

Encryption and session tokens --

  • Session tokens include cookies, session IDs and hidden fields.
  • If the session tokens are exposed, then an attacker can access the victim's data easily.
  • So it is very important to protect the transfer of data between the client browser and the application server.
  • The security applies to the transfer of sensitive session ID data. The personal proxy ascertains each request and response, which include --
      • HTTP headers
      • Protocol used (HTTP and HTTPS)
      • Message body (POST or page content)
  • The session ID data is passed between client and server; cache, privacy, protocol and body should be checked.
  • Here the session ID is passed in GET and POST requests.
  • To protect your data, SSL encryption should be used. Encryption of the session ID should be considered separately from transport encryption because the session ID is being protected, not the data.
  • The most used session tokens are --
      • Long-lived access tokens, medium-term-lived access tokens which are used to get a new access token, medium-term-lived sessions that extend expiry, and short-lived access tokens.
  • Encryption makes the file or message readable only by certain people. Encryption uses an algorithm to encrypt the data and then uses a key for the receiving party to decrypt the information.
  • The message is referred to as plaintext, but when it is encrypted it is referred to as ciphertext.
  • The main types of encryption are -- symmetric encryption and asymmetric encryption, or public key encryption.
  • Symmetric encryption -- in this, there is only one key and all the parties use the same key for encryption and decryption.
  • Asymmetric encryption -- in this encryption there are two keys; one is used for encryption and the other is used for decryption.
  • Some algorithms for encryption are -- Blowfish, AES, RC4, RC5, RC6, Twofish and DES.

Issues of encryption and session tokens --

  • The tokens are stored at the frontend and backend and sent over the network, depending on the session flow. So here several issues can occur, like --
      • Man-in-the-middle attack
      • XSS, CSRF
      • Database file access
      • OAuth token theft
      • Session fixation
      • Social engineering and physical access
  • The common encryption issues can be -- Big Data lakes, cloud platforms, analysis involving sensitive data.
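
The checks the answer above lists for a request and response (protocol, headers, cache, session ID in a GET request) can be automated; the following is an added example, not part of the original answer. The session parameter names in `SESSION_NAMES`, the function name `audit_exchange` and the `shop.example` exchanges are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: names under which this application carries its session ID.
SESSION_NAMES = {"sessionid", "sid", "jsessionid", "phpsessid"}
# Cookie attributes to require, and the issue from the list above each one limits.
REQUIRED_FLAGS = (
    ("secure", "cookie also sent over plain HTTP (man in the middle)"),
    ("httponly", "cookie readable by page script (XSS)"),
    ("samesite", "cross-site sending left to browser default (CSRF)"),
)

def audit_exchange(url, response_headers):
    """Return findings for one request URL and its (name, value) response headers."""
    findings = []
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        findings.append("protocol: request sent over plain HTTP")
    # A session ID in the query string ends up in logs, history and Referer headers.
    for name in parse_qs(parts.query, keep_blank_values=True):
        if name.lower() in SESSION_NAMES:
            findings.append(f"url: session ID in query parameter '{name}'")
    sets_session = False
    for header, value in response_headers:
        if header.lower() != "set-cookie":
            continue
        pair, *attrs = [p.strip() for p in value.split(";")]
        cookie = pair.split("=", 1)[0]
        if cookie.lower() not in SESSION_NAMES:
            continue
        sets_session = True
        present = {a.split("=", 1)[0].lower() for a in attrs}
        for flag, risk in REQUIRED_FLAGS:
            if flag not in present:
                findings.append(f"cookie {cookie}: no {flag} attribute, {risk}")
    cache = " ".join(v.lower() for h, v in response_headers if h.lower() == "cache-control")
    if sets_session and "no-store" not in cache:
        findings.append("cache: response setting the session cookie may be stored")
    return findings

# Constructed sample exchanges (not captured traffic).
WEAK = ("http://shop.example/cart?sid=abc123",
        [("Set-Cookie", "SESSIONID=abc123; Path=/"), ("Content-Type", "text/html")])
HARDENED = ("https://shop.example/cart",
            [("Set-Cookie", "SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
             ("Cache-Control", "no-store")])

if __name__ == "__main__":
    for label, (url, headers) in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_exchange(url, headers) or "no findings")
```

The audit covers the URL and response headers only; a session ID carried in a hidden form field would need the message body inspected as well.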
