Web Application Security Part 2


  • Client certificate-based authentication 
  • Digest-based authentication 
  • Declarative authorization 
  • Programmatic authorization 
  • Programmatic authentication

Why Certificate-based Authentication?

  • Username/password authentication cannot be used for program-to-program authentication 
    • Certificates may identify end-users, business organizations, servers, software entities 
  • Username/password pair might not provide enough credentials 
    • Certificate can contain much more than username and password

Certificate-based Authentication 

  • Client authentication 
    • Server verifies client's identity 
  • Server authentication 
    • Client verifies server's identity 
    • Occurs “transparently” in SSL-based browser and web server communication 
  • Mutual authentication 
    • Both server and client verify each other's identity
