HTTP signature schemes provide integrity and authenticity on the application layer. Using them increase security but also incurs complexity.
Posts by Daniel Szpisjak
Lifelong learner. A security engineer with a strong development background. My goal is to bring security closer to developers in the form of trainings, workshops and Security Drops!
All authors
The Web API Authentication guide, Bearer tokens
Friday, Jan 19, 2018 by Daniel Szpisjak
Lots of modern web application utilize bearer tokens. They are ideal for backend integration, but can also be used on the frontend.
The Web API Authentication guide, Cookies
Friday, Jan 12, 2018 by Daniel Szpisjak
Cookies are the de-facto authentication between browser and server. For a good reason, they can provide full-blown session management with low complexity.
The Web API Authentication guide, Digest Auth
Tuesday, Nov 14, 2017 by Daniel Szpisjak
HTTP Digest Authentication was designed to completely replace Basic Auth. It provides increased security at the cost of significant complexity…
The Web API Authentication guide, Basic Auth
Friday, Oct 13, 2017 by Daniel Szpisjak
HTTP Basic Auth has been with us for ages. Some despise it for its insecurity, while others love it for its simplicity. Should you opt for using it or avoid it at all cost?