From 319d7f77f5f8b68f6226a23e549cc01576abab78 Mon Sep 17 00:00:00 2001 From: Soumya Ray Date: Sat, 27 May 2017 23:15:59 +0800 Subject: [PATCH] Updated README and file names --- README.md | 12 ++++++------ descriptions/020_db_testing.md | 2 +- ...interface_client.md => 050_interface_sessions.md} | 2 +- descriptions/055_secure_sessions.md | 2 +- descriptions/070_policies_validation.md | 2 +- descriptions/090_oauth_protocol.md | 4 ++-- 6 files changed, 12 insertions(+), 12 deletions(-) rename descriptions/{050_interface_client.md => 050_interface_sessions.md} (98%) diff --git a/README.md b/README.md index 28791d8..2ec01fd 100644 --- a/README.md +++ b/README.md 
@@ -8,13 +8,13 @@ Follow the activities below as the semester progresses. ## Weekly breakdown of the semester project: - [A: Brainstorming and Setup](descriptions/005_brainstorm_setup.md) - [B: Basic File Store API](descriptions/010_filestore_api.md) -- [C: Relational Databases and API Testing](descriptions/020_db_testing.md) +- [C: Relational Databases and Testing](descriptions/020_db_testing.md) - [D: Database Hardening](descriptions/030_db_hardening.md) - [E: Secure User Accounts](descriptions/040_secure_accounts.md) -- [F: Deployed API + Interface Client](descriptions/050_interface_client.md) -- [G: Token Based Authentication](descriptions/060_token_authentication.md) -- [H: Form Validation and SSL Enforcement](descriptions/070_validation_ssl.md) -- [I: Token Based Authorization](descriptions/080_token_authorization.md) +- [F: Client Interface and Sessions](descriptions/050_interface_sessions.md) +- [G: Secure Session and Registration](descriptions/055_secure_sessions.md) +- [H: Token Based Authorization](descriptions/060_token_authorization.md) +- [I: Policies and Validation](descriptions/070_policies_validation_ssl.md) - [J: OAuth Protocol and Single-Table Inheritance](descriptions/090_oauth_protocol.md) -- [K: Signed Apps and XSS Prevention](descriptions/100_distributed_security.md) +- [K: Signed Clients and XSS Prevention](descriptions/100_distributed_security.md) - [L: Final Presentations](descriptions/110_final_presentation.md) diff --git a/descriptions/020_db_testing.md b/descriptions/020_db_testing.md index 3c25619..b845c09 100644 --- a/descriptions/020_db_testing.md +++ b/descriptions/020_db_testing.md @@ -1,4 +1,4 @@ -## Database and Testing +## Relational Databases and Testing We will start addressing some of the security issues we found by adding a database to our application and writing tests for it. You can refer to the [`1_db_testing` branch of the demo code we saw in class](https://github.com/ISS-Security/configshare-api/tree/1_db_testing). 
diff --git a/descriptions/050_interface_client.md b/descriptions/050_interface_sessions.md similarity index 98% rename from descriptions/050_interface_client.md rename to descriptions/050_interface_sessions.md index f32727d..7cee468 100644 --- a/descriptions/050_interface_client.md +++ b/descriptions/050_interface_sessions.md @@ -1,4 +1,4 @@ -# Interface and Sessions +# Client Interface and Sessions This week are building up our interface as a web client application. We are interested in seeing if we can get users to login for now! Take a look at the latest code at: - [Deployed API](https://github.com/ISS-Security/configshare-api/tree/4_authenticate_accounts) diff --git a/descriptions/055_secure_sessions.md b/descriptions/055_secure_sessions.md index 49b2d15..57c1216 100644 --- a/descriptions/055_secure_sessions.md +++ b/descriptions/055_secure_sessions.md @@ -1,4 +1,4 @@ -# Secure Sessions +# Secure Sessions and Registration This week we will secure the storage of session state across our system and on the client machine. See the latest version of our demo code: diff --git a/descriptions/070_policies_validation.md b/descriptions/070_policies_validation.md index 8ed14b6..de59b1b 100644 --- a/descriptions/070_policies_validation.md +++ b/descriptions/070_policies_validation.md @@ -1,4 +1,4 @@ -# Validated Form Input and Enforce SSL +# Policies and Validation This week we will create centralized resource policies, and validate user input coming from web forms. See the latest version of our demo project: - [Web API: auth_policy](https://github.com/ISS-Security/configshare-api/tree/6_auth_policy) diff --git a/descriptions/090_oauth_protocol.md b/descriptions/090_oauth_protocol.md index d1d3f98..afde0a3 100644 --- a/descriptions/090_oauth_protocol.md +++ b/descriptions/090_oauth_protocol.md 
@@ -1,4 +1,4 @@ -# Single Sign-On Using OAuth an Single Table Inheritance +# Single Sign-On Using OAuth This week we will implement single sign-on (SSO) to allow users to login using their Github credentials. But first, we must setup our database (API) to handle two types of accounts: regular accounts (Account) and SSO accounts (SSOaccount). @@ -31,5 +31,5 @@ This week we will implement single sign-on (SSO) to allow users to login using t - Choose from the options we saw in class of how to distribute these tasks between your App and your API - ~~option 1: App handles everything and asks API to find/create Github account~~ - option 2: App completes authorization and sends access_token to API, API uses access_token to retrieve user data from Github - - option 3: API handles everything and returns Github account to App + - option 3: App starts process until callback, then hands code to API; API uses code to retrieve access_token and get user data - Make sure at the end that your API stores a new `SsoAccount` if one does not exist for an SSO login
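Review bot: in the README hunk, the new entry for week I links to `descriptions/070_policies_validation_ssl.md`, but the file this same patch edits is `descriptions/070_policies_validation.md`; the `_ssl` suffix leaves a dead link. Suggest `- [I: Policies and Validation](descriptions/070_policies_validation.md)`. The new H entry points at `descriptions/060_token_authorization.md`, a file this patch neither creates nor renames (the removed G entry pointed at `060_token_authentication.md`), so please confirm that file exists under the new name.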
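Review bot: in the `050_interface_sessions.md` rename hunk, the unchanged context line "This week are building up our interface" is missing its subject; while the file is being touched, make it "This week we are building up our interface as a web client application." and change "get users to login" to "get users to log in" (verb form).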
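Review bot: in the `055_secure_sessions.md` hunk, the heading gains "and Registration" but the sentence under it still describes only securing session state; add a clause about registration so heading and body agree. The README entry in this patch reads "G: Secure Session and Registration" (singular) while the heading here says "Secure Sessions and Registration"; pick one wording for both.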
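Review bot: in the first `090_oauth_protocol.md` hunk, the heading drops "Single Table Inheritance" but the README entry J in this same patch still reads "OAuth Protocol and Single-Table Inheritance", and the context line below the heading still introduces the two account types, so the topic is still taught; either keep it in the heading or update the README entry. Minor wording in the context line: "setup our database" should be "set up our database", "login using" should be "log in using", and the product name is spelled "GitHub".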
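Review bot: in the second `090_oauth_protocol.md` hunk, the account class is written `SSOaccount` in the first hunk's context but `SsoAccount` in the last line here; the two should match whichever name the demo code uses. Since option 3 moves the code-to-access_token exchange from the App to the API, it would help the description to say where the client credentials used for that exchange now live, so readers see why this option differs from option 2 (which hands the API an already-obtained access_token).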