CHAPTER 4 ATTACKING WEB AUTHENTICATION
Authentication plays a critical role in the security of a web application since all subsequent security decisions are typically made based on the identity established by the supplied credentials. This chapter covers threats to common web authentication mechanisms, as well as threats that bypass authentication controls entirely.
WEB AUTHENTICATION THREATS
We’ve organized our discussion in this section loosely around the most common types of authentication prevalent on the Web at the time of this writing:
• Username/password Because of its simplicity, this is the most prevalent form of authentication on the Web.
• Strong(er) authentication Since it’s widely recognized that username/ password authentication ...
Get Hacking Exposed Web Applications, Third Edition, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.