Most Common Web Application Security Vulnerabilities #2: Authentication flaws


Authentication is the process of confirming a user's identity by ensuring that they really are who they claim to be. By design, web applications are generally exposed to anyone connected to the internet, so strong authentication mechanisms are an indispensable part of effective web application security.

Any security weakness that results from errors in the implementation of the authentication mechanism or of session management falls under broken authentication. In simpler words, broken authentication attacks let the perpetrator either gain access to, or bypass, the user authentication system of a web application.

Authentication vs Authorization

Authorization is the process of verifying whether a user is allowed to perform an action, whereas authentication is the process of verifying that a user really is who they claim to be.

Types of Attacks to Exploit Authentication flaws

The Root Causes of Broken Authentication

7. Authentication susceptible to brute force attacks and credential stuffing.
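As an added, defender-side illustration of the brute force and credential stuffing item above (this code is not from the original article), the following detector runs over constructed sample authentication log lines and flags the two patterns: many failures against one account within a window (brute force) and one source failing against many distinct accounts within a window (credential stuffing). The log format, thresholds and window are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the article): "timestamp source_ip username outcome".
SAMPLE_LOG = """\
2021-03-01T10:00:01 203.0.113.7 alice FAIL
2021-03-01T10:00:02 203.0.113.7 alice FAIL
2021-03-01T10:00:03 203.0.113.7 alice FAIL
2021-03-01T10:00:04 203.0.113.7 alice FAIL
2021-03-01T10:00:05 203.0.113.7 alice FAIL
2021-03-01T10:00:06 203.0.113.7 alice FAIL
2021-03-01T10:00:10 198.51.100.9 bob FAIL
2021-03-01T10:00:11 198.51.100.9 carol FAIL
2021-03-01T10:00:12 198.51.100.9 dave FAIL
2021-03-01T10:00:13 198.51.100.9 erin FAIL
2021-03-01T10:00:14 198.51.100.9 frank FAIL
2021-03-01T10:00:15 198.51.100.9 grace OK
2021-03-01T10:05:00 192.0.2.5 alice OK
"""


def parse(log_text):
    """Parse the assumed log format into (timestamp, ip, user, outcome) tuples."""
    events = []
    for line in log_text.strip().splitlines():
        ts, ip, user, outcome = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, outcome))
    return events


def detect(log_text, window=timedelta(minutes=5), brute_threshold=5, stuffing_threshold=5):
    """Return {'brute_force': set of users, 'credential_stuffing': set of IPs}.

    Both checks use a sliding window so that failures spread over a long
    period do not accumulate into a false alert (assumed thresholds)."""
    alerts = {"brute_force": set(), "credential_stuffing": set()}
    fails_by_user = defaultdict(list)  # user -> recent failure timestamps
    fails_by_ip = defaultdict(list)    # ip -> recent (timestamp, user) failures
    for ts, ip, user, outcome in parse(log_text):
        if outcome != "FAIL":
            continue  # only failed attempts count toward either pattern
        fails_by_user[user] = [t for t in fails_by_user[user] if ts - t <= window] + [ts]
        if len(fails_by_user[user]) >= brute_threshold:
            alerts["brute_force"].add(user)
        fails_by_ip[ip] = [(t, u) for t, u in fails_by_ip[ip] if ts - t <= window] + [(ts, user)]
        # Credential stuffing: one source cycling through many distinct accounts.
        if len({u for _, u in fails_by_ip[ip]}) >= stuffing_threshold:
            alerts["credential_stuffing"].add(ip)
    return alerts


if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

The per-IP check will miss stuffing that is spread across many source addresses, so in practice it is paired with per-account failure rates and with checks of submitted credentials against known-breached password lists.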


Broken Authentication, After-effects

The main targets of broken authentication are session tokens, user credentials, keys or any other entities that deal with the identity of the users of a system. Flaws in session management and the authentication mechanism permit an attacker to target a specific account or a group of account holders, which provides full access to harm the victim in many ways.

It is also possible to act as an impostor to damage the victim's personal relationships, and to sell the compromised credentials to other parties.

Protecting against Broken Authentication

Conclusion

A broken authentication vulnerability is a critical issue when it is present in a web application, since such loopholes can expose the organization to a large attack in the form of data breaches. It is generally simple for motivated attackers to sneak past, because even companies with enormous security budgets often neglect these basic security defects. It is similar to barring every window in your home while leaving the front door wide open. The clearest way to avoid this flaw is to use an established framework, since it may implement authentication correctly on your behalf; compared with writing your own, that route is much easier and more accurate.

The Startup

Medium's largest active publication, followed by +771K people. Follow to join our community.

Pranieth Chandrasekara

Written by

Application Security Engineer at 99x | OWASP Community Volunteer | Interested in Challenges which pushes to think outside the box.
