Authentication and Authorization

· Authentication is the process of verifying who you are. When you log on to a PC with a user name and password you are authenticating.

· Authorization is after verifying that you have access to something. Gaining access to a resource because the permissions configured on it allow you access is authorization.

Authentication can be done using the following methods:

• Local Code42 platform directory
• LDAP
• Single Sign-On (SSO)
• RADIUS

Authorization can be done using the following methods:

· Local Code42 platform directory

• LDAP

Difference between multiple security terms

Encoding	Encryption	Hashing
Maintaining data usability	Maintaining data confidentiality	Validating the integrity of content
Reversed data by  employing same algorithm	Reversed data by  secret key	Validate through the signature
No secret key	Use key	Signature by a sender

SQL Injection	Blind SQL Injection
Display error message	Does not see an error message
It does not ask ant question	It ask a true and false question to database
Attacker see the result	Attacker not see the result

SQL Injection	Cross-Site Scripting
Inserting query syntax	Embedded script tags in URL
Attacker send simple text based syntax	Attacker send simple text based script
Injecting SQL field value in the form of regular expression	Simple HTML tags in the form of the regular expression
It can be easily effected	It can be affect with average vulnerability

Cross-Site Scripting	Cross-Site Request Forgery
It doesn’t need authentication	Authenticated Session
Escape the basic validating	Server trust the user
Need of java script	Not need of javascript
A site that is vulnerable to XSS attacks is also vulnerable to CSRF attacks	A site that is completely protected from XSS types of attacks is still most likely vulnerable to CSRF attacks.