Introduction00:01:10 Introducing Aviad Mizrachi00:04:36 The login00:06:32 The many intricacies of Authentication00:10:25 How are passwords sent to servers?00:11:26 Query param00:16:59 Multi-factor authorization (MFA)00:20:11 Time-based One-Time Password (TOTP)00:28:05 Single Sign-on (SSO) Cross-site scripting00:33:38 Ad: SignalWire, a next-gen video collaboration platform00:35:03 Session tokens00:36:36 Cross-site scripting (XSS)00:39:24 JSON web tokens (JWTs)00:41:24 Difference between session token and refresh token00:49:33 More about Frontegg, Aviad’s company00:54:14 SQL injection attack00:56:11 Auditing and audit logs00:59:42 Authentication in mobile apps01:00:50 Frontegg hiring and intern opportunities01:05:22 Frontegg product offeringsResources mentioned in this episode:ToolsFrontegg https://frontegg.com/TypeScript https://www.typescriptlang.org/Angular https://angular.io/guide/architectureMicrosoft Identity and Access Management https://www.microsoft.com/en-ww/security/business/identity-access-managementGoogle Identity https://developers.google.com/identityOkta https://www.okta.com/Articles:How Twitter CEO Jack Dorsey's Account Was Hacked https://www.wired.com/story/jack-dorsey-twitter-hacked/Our sponsor for this episode is SignalWirehttps://signalwire.com/You can reach Aviad on:LinkedIn | GitHubIf you’ve enjoyed this episode, you can listen to more on Programming Throwdown’s website: https://www.programmingthrowdown.com/Reach out to us via email: programmingthrowdown@gmail.comYou can also follow Programming Throwdown on Facebook | Apple Podcasts | Spotify | Player.FM Join the discussion on our DiscordYou can also help support Programming Throwdown through our Patreon