CHAPTER 4 ATTACKING WEB AUTHENTICATION

Authentication plays a critical role in the security of a web application since all subsequent security decisions are typically made based on the identity established by the supplied credentials. This chapter covers threats to common web authentication mechanisms, as well as threats that bypass authentication controls entirely.

WEB AUTHENTICATION THREATS

We’ve organized our discussion in this section loosely around the most common types of authentication prevalent on the Web at the time of this writing:

Username/password: Because of its simplicity, this is the most prevalent form of authentication on the Web.

Strong(er) authentication: Since it’s widely recognized that username/password authentication ...

Get Hacking Exposed Web Applications, Third Edition, 3rd Edition now with O’Reilly online learning.