8 Authentication vulnerabilities

In this chapter

  • How attackers attempt to guess credentials on your web application by using brute-force attacks
  • How to stop brute-force attacks by implementing a variety of defenses
  • How to store credentials securely
  • How your web application might leak the existence of usernames, and why that’s bad

Many web applications are designed for interaction among users, whether that interaction is sharing cat videos or arguing about recipes in the comments section of the New York Times website. User accounts on websites represent our online presence, and as such, they have value to hackers. For some sites, the value is obvious: compromised credentials for banking websites can be used directly for fraud. Other types of ...
