What is authorization and authentication, why is it important and some ways they can be hacked? Authentication is confirming you are who you claim to be, this is the typical login process. Where we match your input username and password against the DB if is correct Authorization is when we know who you are, but what rights or access do you have to this system are you an admin with full access pass or maybe you only have read rights.
To give an example, imagine you try to go to a government security building. You come with your ticket and id to get it that is Authentication. The employee checks your ticket to see what permissions you have are your VIP, vendor, all-access. Where can you go, which floors can you access? The employee gives you a neck badge to wear with your status that is your Authorization. The same process in with user credentials.
The better you understand this, it will help you understand where and what a hacker will try to exploit.
- SQL Injection.
- Phishing.
- Stealing cookie.
- Trying default / easy to guess usernames and passwords.
- Are the login page is in the HTTPS? What if the attacker tries to inject a keylogger?
- Is the credentials sent over HTTPS? Man in the middle ?
Stay tuned for more topics to come; Is JS really the best programming language?Tech and Linkedin what are the benefits? Can your current background make you a better or worse developer?
All the best,
Simcha Greenbaum