Posts

Showing posts from 2020

OAuth 2.0 vs JWT

JWT (JSON Web Token) notes:

- A JWT can replace the session cookie: the claims travel inside the token, so the API or web tier keeps no server-side session state.
- A JWT is easy to decode: header and payload are only base64url-encoded, not encrypted. Anyone holding the token can read every claim; the signature only proves the token was not altered.
- A stateless JWT has no true logout: once issued, the server cannot invalidate it before it expires unless it keeps extra state (a denylist) or uses short-lived tokens with refresh.
- Always send it as: Authorization: Bearer <TOKEN>
- The Bearer scheme helps against CSRF because browsers do not attach the Authorization header to cross-site requests automatically the way they attach cookies, so a forged request carries no token. The caveat is that a token stored in localStorage is reachable by any script running on the page, so XSS becomes the token-theft vector.

A sample JWT has three parts:

Header: algorithm and token type
    {"alg": "HS256", "typ": "JWT"}

Payload: data (claims)
    {"sub": "1234567890", "name": "John Doe", "admin": true}

Signature (HS256):
    HMACSHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), secret)

Final token (the three base64url segments joined by dots):
    eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9
    .eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9
    .TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ

Using jwt.io we can decode, verify and generate JWT tokens.

OAuth 2.0 is an authorization framework that supports APIs, web apps, etc. Its key components:

- Authorization Server (the token factory, e.g. GitHub)
- Resource Server (the API / microservice, e.g. GitHub API)
- Client (UI / Mobile / API / Microservi
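The following is an added worked example, not code from the original post: it reproduces the header and payload segments shown above with compact JSON, decodes a token without any secret (the "easily decoded" point), and then verifies HS256 tokens properly, rejecting a wrong secret, a tampered admin claim and an alg=none token. The signing secret is an assumption made here for the demo; the post does not say which secret produced its sample signature, so that signature is only decoded, not verified.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Constructed for this example: an ASSUMED signing secret (not from the post) and
# the exact token segments the post shows, used to check our encoding matches.
SECRET = b"example-secret-not-from-the-post"
PAGE_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"
    ".eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9"
    ".TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
)


def b64url_encode(data: bytes) -> str:
    # JWT uses base64url with the '=' padding stripped.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(seg: str) -> bytes:
    # Restore padding before decoding.
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))


def compact_json(obj: dict) -> bytes:
    # No whitespace: this is what yields the segments shown on the page.
    return json.dumps(obj, separators=(",", ":")).encode("utf-8")


def sign_hs256(header: dict, payload: dict, secret: bytes) -> str:
    """HMACSHA256(base64Url(header) + '.' + base64Url(payload), secret)."""
    signing_input = b64url_encode(compact_json(header)) + "." + b64url_encode(compact_json(payload))
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def decode_unverified(token: str) -> Tuple[dict, dict]:
    """Read header and claims with no secret at all: encoding is not encryption."""
    h_seg, p_seg, _sig = token.split(".")
    return json.loads(b64url_decode(h_seg)), json.loads(b64url_decode(p_seg))


def verify_hs256(token: str, secret: bytes) -> Optional[dict]:
    """Return the claims only if the HS256 signature is valid, else None."""
    try:
        h_seg, p_seg, s_seg = token.split(".")
    except ValueError:
        return None
    header = json.loads(b64url_decode(h_seg))
    # Pin the algorithm on the server side; never let the token's 'alg' pick the
    # verifier (this rejects alg=none and algorithm-confusion tokens).
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, (h_seg + "." + p_seg).encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison of the signature bytes.
    if not hmac.compare_digest(expected, b64url_decode(s_seg)):
        return None
    return json.loads(b64url_decode(p_seg))


def tamper_admin(token: str) -> str:
    """Attacker re-encodes the payload with admin=true, keeping the old signature."""
    h_seg, p_seg, s_seg = token.split(".")
    payload = json.loads(b64url_decode(p_seg))
    payload["admin"] = True
    return h_seg + "." + b64url_encode(compact_json(payload)) + "." + s_seg


def alg_none_token(payload: dict) -> str:
    """Attacker sets alg=none and sends an empty signature segment."""
    return b64url_encode(compact_json({"alg": "none", "typ": "JWT"})) + "." + b64url_encode(compact_json(payload)) + "."


def demo() -> dict:
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": "1234567890", "name": "John Doe", "admin": False}
    token = sign_hs256(header, payload, SECRET)
    return {
        "page_header": decode_unverified(PAGE_TOKEN)[0],   # readable without the secret
        "read_without_secret": decode_unverified(token)[1],
        "valid": verify_hs256(token, SECRET),
        "wrong_secret": verify_hs256(token, b"other-secret"),
        "tampered": verify_hs256(tamper_admin(token), SECRET),
        "alg_none": verify_hs256(alg_none_token({**payload, "admin": True}), SECRET),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The two attacker helpers only succeed against a verifier that trusts the token's alg field or skips the signature check; with the algorithm pinned and compare_digest in place, both return None. Note that nothing here gives the server a way to revoke a still-valid token, which is the "no true logout" point above.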

How to Present Slides

How to Speak?

How to start: the empowerment promise. "By the end of the session, you will learn:"
- What apisec.ai is and how to get started using apisec
- Why so many businesses are getting API breaches
- How to get your API security strategy right
- API security pitfalls
- How to implement successful API security strategies

Sample heuristics: Cycles. Build a Fence. (apisec is an API security automation service. It is not a WAF, nor an API gateway, nor a pen-testing tool.) Verbal Punctuation. Stats. Ask Questions (they can't be too easy or too hard).

Time & Place: 11 AM, a well-lit room, an audience that fills more than half the seats.

Tools:
- Blackboard: graphic qualities; the speed at which you write on the blackboard is the speed at which people can absorb the material; it gives the speaker a target.
- Props: they sell. Empathetic mirroring: a demonstration makes the audience feel you're doing it. Bring an API down.

Job talks: expose ideas, don't teach them.

Slide crimes: too many slides and too many words. Do not read. Be in the image. Keep images simple. Elimin