Posts

Showing posts from October, 2018

Implementing an OAuth 2.0 Client - Node.js

Hello! I hope you had a good day and an awesome week. 😊 Daily we come across many websites that require us to register with them in order to get what we need. To complete our work we make an account on these websites even though we are not going to use them regularly, or ever again. This results in a long list of usernames and passwords for us to remember, and forgetting even one means the troublesome task of resetting it. As a solution to this problem, Single sign-on was introduced along with social logins. Single sign-on provides a way for users to have a single set of credentials (username and password) for multiple applications. This is achieved using social logins, where the existing login details of a social platform provider can be used to register with a third-party website instead of creating a new set of credentials. OAuth 2.0 is a framework which helps in such a situation. What is OAuth 2.0? OAuth (Open Authorization)...

Double Submit Cookies Pattern - Node.js

Hello! I hope you had a good day and an awesome week. 😊 In this post, we are going to talk about how to prevent Cross-site Request Forgery (CSRF) using the Double Submit Cookies Pattern and its Node.js implementation. If you are unaware of CSRF, I recommend you read my previous post here, as it is crucial to understanding the Double Submit Cookies Pattern. Prerequisites are knowledge of cookies, CSRF and the Synchronizer Token Pattern. As discussed earlier, the Synchronizer Token Pattern has some drawbacks, namely: the requirement of excessive storage space on the server, since all the CSRF tokens are stored; and being useless if the server supports cross-domain AJAX requests. To overcome the aforementioned drawbacks and to prevent CSRF, the Double Submit Cookies Pattern can be used. Double Submit Cookies Pattern When Harry signs in to the bank’s website using his username and password, the bank’s server would create a ses...

Synchronizer Token Pattern - Node.js

Hello! I hope you had a good day and an awesome week. 😊 With the advancement of technology in the information and communication sectors, millennials are electronics-filled, increasingly online and socially networked, which is exactly why everything can be done once you are connected to the internet. Doing online transactions has become so easy that it is just a button click, but can we guarantee the safety of these transactions? Cross-site Request Forgery (CSRF) is a type of attack which targets such online transactions. You’ll need knowledge of cookies as a prerequisite to fully understand CSRF. What is Cross-site Request Forgery? Cross-site Request Forgery (CSRF) is a malicious exploit of a website where unauthorized commands are sent from a user the website trusts, without this particular user’s knowledge. This is a vulnerability found in websites. Let’s see the example below to understand CSRF. Cross-site Request Forgery When Harry ...