The OWASP Top 10: A2:2017 Broken Authentication
Introduction
The OWASP definition of broken authentication goes very deep. This is not usually a problem for pentesters, as they are required to report pretty much anything and let the customer decide what course of action to take. If we talk about bug bounty hunting, though, these vulnerabilities are all useful to us as well, but maybe not immediately.
What OWASP means by broken authentication might differ from the definition most people have in their heads, so let’s dive a bit deeper into what they…