Authentication plays a critical role in the security of a web application since all subsequent security decisions are typically made based on the identity established by the supplied credentials. This chapter covers threats to common web authentication mechanisms, as well as threats that bypass authentication controls entirely.
We’ve organized our discussion in this section loosely around the most common types of authentication prevalent on the Web at the time of this writing:
• Username/password: Because of its simplicity, this is the most prevalent form of authentication on the Web.
• Strong(er) authentication: Since it’s widely recognized that username/password authentication ...