Gain insights into JWT, OAuth2, and OpenID Connect. Learn about HTTPS, encryption, and handshake techniques, and explore foundational concepts in web API security for enhanced application protection.

Web application developers are always on the lookout for ways to secure their applications. It has become the most fundamental part of any web application considering the rise in the number of cyber-attacks. This course will be your handy guide to the basic terminologies and frameworks related to web application security.

 In this course, you will learn what JWT is, how a JWT is created, and what benefits it provides in token-based authentication. You will learn about why HTTPS was introduced and how it revolutionized the way data is transferred using techniques like encryption and handshake. You will also dive deep into the most commonly used authentication and authorization frameworks called OAuth and OpenId Connect. This course will give you a taste of what web API security is all about and will give you the foundation so you can further your learning of application security.

Web Security and Access Management: JWT, OAuth2 & OpenId Connect

A **denial of service** or DoS, attack is a type of attack in which the attacker tries to crash an application so that the legitimate users are not able to access the application. The attacker does not gain any benefit from this attack. The main purpose of this attack is to harm an organization, and is often carried out by a competitor or mischievous hacker.


> The first DoS attack was done by 13-year old David Dennis in 1974. Dennis wrote a program using the **external** or **ext** command that forced some computers at a nearby university research lab to power off.


## Types of Denial of Service Attacks

The denial of service attacks can be categorized into two types:


### 1. Flood Attack
In a flood attack, the attacker overwhelms the application with a flood of requests. The application has a limit to the number of requests it can handle per second, and if the number of requests increases exponentially, the server will slow and eventually crash. 

There are two types of flood attacks: 

* **ICMP flood** – In this attack, the attacker leverages misconfigured network devices by sending spoofed packets that ping every computer on the targeted network, instead of just one specific machine. The network is then triggered to amplify the traffic. This attack is also known as the “smurf attack” or the “ping of death”.


* **A SYN flood** – In this attack, the targeted server receives a request to begin the handshake, but the handshake is never completed. That leaves the connected port occupied and unavailable to process further requests. The attacker continues to send more and more requests, overwhelming all open ports and shutting down the server.

### 2. Crash Attack
This attack is not very common. In this attack, the attacker transmits a bug to the server which then takes advantage of the vulnerabilities of the server.


A **denial of service** or DoS, attack is a type of attack in which the attacker tries to crash an application so that the legitimate users are not able to access the application. The attacker does not gain any benefit from this attack. The main purpose of this attack is to harm an organization, and is often carried out by a competitor or mischievous hacker.


> The first DoS attack was done by 13-year old David Dennis in 1974. Dennis wrote a program using the **external** or **ext** command that forced some computers at a nearby university research lab to power off.


# Types of Denial of Service Attacks

The denial of service attacks can be categorized into two types:


## 1. Flood Attack
In a flood attack, the attacker overwhelms the application with a flood of requests. The application has a limit to the number of requests it can handle per second, and if the number of requests increases exponentially, the server will slow and eventually crash. 

There are two types of flood attacks: 

* **ICMP flood** – In this attack, the attacker leverages misconfigured network devices by sending spoofed packets that ping every computer on the targeted network, instead of just one specific machine. The network is then triggered to amplify the traffic. This attack is also known as the “smurf attack” or the “ping of death”.


* **A SYN flood** – In this attack, the targeted server receives a request to begin the handshake, but the handshake is never completed. That leaves the connected port occupied and unavailable to process further requests. The attacker continues to send more and more requests, overwhelming all open ports and shutting down the server.

## 2. Crash Attack
This attack is not very common. In this attack, the attacker transmits a bug to the server which then takes advantage of the vulnerabilities of the server.


This lesson discusses the denial-of-service attack.

Getting started with Web Application Security

HTTPS Basics

JSON Web Token

OAuth

OpenID Connect

Conclusion

Denial-of-Service Attack

Types of Denial of Service Attacks