Identification and authentication failures

Once listed by OWASP as "Broken Authentication" (A2:2017) and renamed "Identification and Authentication Failures" (A07:2021), this category covers a wide range of situations. Most often, though, the weaknesses stem from how an application handles passwords and session identifiers.

For example, an application may leave default credentials in place or accept weak passwords instead of enforcing a policy that checks length and rejects known-common or previously breached passwords. Password strength alone is not enough: a login endpoint with no rate limiting or lockout lets an attacker try passwords by brute force, credential stuffing replays username/password pairs leaked from other sites against that same endpoint, and session identifiers that are predictable, exposed in URLs, or not rotated after login open the door to session hijacking.

This is another area where regular scanning pays off: a dynamic scanner or a dedicated authentication test should reveal where the most serious identification and authentication weaknesses lie. A strong password policy is a must, but multi-factor authentication, throttling and lockout on failed logins, and CAPTCHA on login forms also blunt brute-force and credential-stuffing attacks.

Source: https://www.sitelock.com/blog/top-10-owasp-vulnerabilities/
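The controls described above, as an added example that is not code from the cited article or from OWASP: a small Python login service that enforces a minimum length plus a common-password deny-list, stores passwords as salted PBKDF2 hashes, locks an account after repeated failures, requires a TOTP second factor (RFC 6238), and issues a fresh session identifier on every successful login so a pre-authentication session ID can never be reused. The user, the deny-list, the lockout thresholds, the session lifetime and the PBKDF2 iteration count are all constructed for the demo.

```python
"""Illustrative login flow: password policy, salted hashing, lockout,
TOTP second factor and session-ID rotation. Added example, not the
cited article's code; all accounts, secrets and thresholds are constructed."""
import hashlib
import hmac
import secrets
import struct

# Constructed deny-list standing in for a real breached/common-password corpus.
COMMON_PASSWORDS = {"password", "123456", "admin", "qwerty", "letmein", "welcome1"}
MIN_LENGTH = 12
MAX_FAILURES = 5             # assumed policy: lock after this many failures
LOCKOUT_SECONDS = 900        # assumed policy: lockout duration
SESSION_SECONDS = 3600       # assumed policy: idle session lifetime
PBKDF2_ITERATIONS = 100_000  # kept low so the demo runs quickly


def password_policy_ok(password):
    """Reject short passwords and anything on the common/breached deny-list."""
    return len(password) >= MIN_LENGTH and password.lower() not in COMMON_PASSWORDS


def hash_password(password, salt=None):
    """PBKDF2-HMAC-SHA256 with a per-user random salt; returns (salt, digest)."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def totp(secret, now, step=30, digits=6):
    """RFC 6238 TOTP on top of RFC 4226 HOTP (HMAC-SHA1, dynamic truncation)."""
    counter = int(now) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


class AuthService:
    def __init__(self):
        self.users = {}     # username -> {"salt", "hash", "totp_secret"}
        self.failures = {}  # username -> (count, locked_until)
        self.sessions = {}  # session id -> {"user", "expires"}

    def register(self, username, password):
        """Enrol a user; returns the TOTP secret the user would load into an app."""
        if not password_policy_ok(password):
            raise ValueError("password rejected by policy")
        salt, digest = hash_password(password)
        totp_secret = secrets.token_bytes(20)
        self.users[username] = {"salt": salt, "hash": digest, "totp_secret": totp_secret}
        return totp_secret

    def login(self, username, password, code, now, old_session=None):
        """Return a fresh session id on success, None on any failure."""
        count, locked_until = self.failures.get(username, (0, 0.0))
        if now < locked_until:
            return None                      # locked: do not even check the password
        if locked_until:
            count = 0                        # lockout expired, start a new window
        user = self.users.get(username)
        # Unknown usernames still pay the hashing cost so the response time
        # does not reveal which accounts exist.
        salt = user["salt"] if user else b"\x00" * 16
        _, digest = hash_password(password, salt)
        ok = user is not None and hmac.compare_digest(digest, user["hash"])
        ok = ok and hmac.compare_digest(str(code), totp(user["totp_secret"], now))
        if not ok:
            count += 1
            locked_until = now + LOCKOUT_SECONDS if count >= MAX_FAILURES else 0.0
            self.failures[username] = (count, locked_until)
            return None
        self.failures.pop(username, None)
        # Rotate the session: the pre-authentication id (possibly planted by an
        # attacker, i.e. session fixation) is discarded, never upgraded.
        self.sessions.pop(old_session, None)
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": username, "expires": now + SESSION_SECONDS}
        return sid

    def resolve(self, sid, now):
        """Map a session id to a username, dropping expired sessions."""
        session = self.sessions.get(sid)
        if session is None or now >= session["expires"]:
            self.sessions.pop(sid, None)
            return None
        return session["user"]
```

The lockout counter here is per account, which stops brute force against one user but not credential stuffing that spreads one attempt over thousands of accounts; a real deployment pairs it with per-source throttling and CAPTCHA on the login form, and stores failure counters and sessions somewhere shared rather than in process memory.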
