Gain insights into JWT, OAuth2, and OpenID Connect. Learn about HTTPS, encryption, and handshake techniques, and explore foundational concepts in web API security for enhanced application protection.

Web application developers are always on the lookout for ways to secure their applications. It has become the most fundamental part of any web application considering the rise in the number of cyber-attacks. This course will be your handy guide to the basic terminologies and frameworks related to web application security.

 In this course, you will learn what JWT is, how a JWT is created, and what benefits it provides in token-based authentication. You will learn about why HTTPS was introduced and how it revolutionized the way data is transferred using techniques like encryption and handshake. You will also dive deep into the most commonly used authentication and authorization frameworks called OAuth and OpenId Connect. This course will give you a taste of what web API security is all about and will give you the foundation so you can further your learning of application security.

Web Security and Access Management: JWT, OAuth2 & OpenId Connect

# What are Cookies

HTTP cookies, or web cookies, are small text files that store small pieces of information. They are created by the websites we visit and are stored on our browser. Cookies are limited to 4kb in size, which means they cannot store large amounts of data.



A cookie generally contains:

1. `name` - A website or a third-party server identifies a cookie using its name.
2. `value` - A random alphanumeric character, and it stores data like a unique identifier to identify the user and other information.
3. `attribute` – A set of characteristics such as the expiration date, domain, path, and flags.

![](/api/collection/6650775272947712/6366281604268032/page/6330349752680448/image/6251854930378752)

# Types of Cookies

Based on the source, the cookies can be classified into two types:

## First-party cookies
* These are installed by the website that the user is currently on.
* They are normally used to determine whether a user is logged in.


## Third-party cookies
* These are installed by other websites or third-party servers that are not being viewed by the users.
* Third-party cookies are used to track users’ browsing patterns and interests to show relevant advertisements.
* You may have noticed that when you search for a product on an eCommerce website, then you start seeing the ads for that product on other websites. This is achieved through third party cookies.


Based on the validity, the cookies can be classified into two types:

## Session cookies

* Session cookies are created for a single session and vanish once you close the browser.
* These cookies are created by the website and the user cannot disable them from the browser.
* These cookies are used to save session information while users browse a website. As soon as we close the browser, these cookies expire.

## Permanent cookies

* Permanent cookies don’t expire even after we close the browser or even shut down the computer.
* They have a specific expiration date set by the website and remain valid until then.
* Suppose we log in to a website and after a few days, when we try to login again, then we don’t need to re-enter the username and password. This becomes possible because of permanent cookies.
* Since these cookies store sensitive information, it’s not safe and can be risky if people with malicious intentions somehow get access to our computer.


Getting started with Web Application Security

HTTPS Basics

JSON Web Token

OAuth

OpenID Connect

Conclusion

What are Cookies?

What are Cookies