Understand the protocols and architectural patterns that underpin modern security
The four-layer networking model (Link, Internet, Transport, Application) that underpins all internet communication. Understanding each layer is essential for network security analysis.
The hierarchical naming system that translates domain names to IP addresses. DNS is a frequent attack target due to its critical role in nearly all internet communication.
The request-response protocol for web communication. HTTPS adds TLS encryption. Understanding HTTP methods, headers, and status codes is fundamental to web security.
The cryptographic handshake that establishes secure communication channels. TLS 1.3 simplified the handshake to 1-RTT while improving security over older versions.
The authorization framework that enables third-party applications to access resources on behalf of users without sharing credentials. Widely used for API authorization and social login.
An XML-based framework for exchanging authentication and authorization data between identity providers and service providers. Common in enterprise SSO implementations.
A compact, URL-safe token format for transmitting claims between parties. Widely used for stateless authentication in APIs and microservices, but requires careful implementation.
A full-duplex communication protocol over a single TCP connection, enabling real-time bidirectional data transfer between client and server. Used for chat, live updates, and streaming.
A centralized entry point for API traffic that handles cross-cutting concerns like authentication, rate limiting, and request routing. Essential for microservice security.
A security model that assumes no implicit trust based on network location. Every access request is fully authenticated, authorized, and encrypted regardless of origin.