Gain insights into JWT, OAuth2, and OpenID Connect. Learn about HTTPS, encryption, and handshake techniques, and explore foundational concepts in web API security for enhanced application protection.

Web application developers are always on the lookout for ways to secure their applications. It has become the most fundamental part of any web application considering the rise in the number of cyber-attacks. This course will be your handy guide to the basic terminologies and frameworks related to web application security.

 In this course, you will learn what JWT is, how a JWT is created, and what benefits it provides in token-based authentication. You will learn about why HTTPS was introduced and how it revolutionized the way data is transferred using techniques like encryption and handshake. You will also dive deep into the most commonly used authentication and authorization frameworks called OAuth and OpenId Connect. This course will give you a taste of what web API security is all about and will give you the foundation so you can further your learning of application security.

Web Security and Access Management: JWT, OAuth2 & OpenId Connect

# What are SSL certificates?
When a user accesses a website, data is transferred between the client (browser) and the server (website). This data is not safe to send in the clear because it may be read by an attacker. This is a problem if we are sending  sensitive data like credit card details, passwords, or personal information over the Internet.


**SSL (Secure Sockets Layer)** certificates create an encrypted environment between a client and a server. A Secure Sockets Layer certificate (SSL certificate) is a small data file installed on a Web server that allows for a secure connection between the server and a web browser.

The certificate is base64 encoded and contains the following information:

* Name of the entity to which the certificate was issued.
* The public key required for encryption and digital signature verification.
* The digital signature created with the private key of the certificate issuer.

> SSL is a protocol that is used to secure the HTTP. SSL is deprecated now and Transport Layer Security (TLS) protocol is used instead. Most SSL certificates today also support the Transport Layer Security (TLS) protocol, which is considered to be more secure than SSL.

The application owner should install the SSL certificate on its web server. When an application is secured by an SSL certificate then its URL starts with `https` instead of `http`.

In the below screenshot you might have noticed a **lock** symbol before the URL. This symbol tells that this website is secured by a certificate.

![](/api/collection/6650775272947712/6366281604268032/page/6431763246088192/image/6246781051469824)

We can click on the lock symbol to get more details about the certificate as shown in the image below. We can see the certificate and also see which Certification Authority (CA) issued this certificate.


> A Certification Authority (CA) is a company or an organization which is trusted to sign, issue and revoke digital certificates. Some of the most popular certification authorities are Sectigo SSL, Symantec SSL, RapidSSL, GeoTrust SSL, and Thawte SSL.





![](/api/collection/6650775272947712/6366281604268032/page/6431763246088192/image/5068541498753024)


Getting started with Web Application Security

HTTPS Basics

JSON Web Token

OAuth

OpenID Connect

Conclusion

Understanding SSL certificates

What are SSL certificates?