Broken authentication

When an attacker logs into your web application

John Kearney
Nov 13, 2019
“Login Panel Design” by Tevrat Gündoğdu is licensed under CC BY-NC 4.0

In our post Injection attacks explained, we talked about how applications can be tricked into interpreting user-supplied data as an instruction to perform an operation.

However, attackers are always going to look for the easiest route in. If they can simply log straight into an application and exploit existing…