
Mastering C# and .NET Framework by Marino Posadas


A2 – Broken Authentication and Session Management

The problem here is related to identity and permissions. As the official OWASP Top 10 definition states:

"Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users' identities."

This is even worse when the falsely authenticated users are remote (the typical case) and therefore difficult to trace.

The problems here are multiple:

  • We might accept unwanted users (information and operation disclosure)
    • A variant of this is when an unwanted user gets administrator privileges, thus putting the whole system at risk
  • We might accept a user with credentials ...
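The following C# program is an added illustration, not code from the book, of two of the implementation flaws the OWASP definition refers to: a session token that an attacker can guess, and password storage that lets a leaked database (or a timing side channel) reveal credentials. Each weak version is shown beside the form a practitioner would ship. All class and method names (BrokenSessionTokens, SecureSessionTokens, PasswordStorage) are the example's own; the APIs used (RandomNumberGenerator, Rfc2898DeriveBytes with HashAlgorithmName) are standard in .NET Framework 4.7.2 and later and in .NET Core.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Threading;

// Example-only class: deliberately weak session IDs.
static class BrokenSessionTokens
{
    private static int _counter = 1000;

    // VULNERABLE (on purpose): a sequential ID. A user who sees their own
    // token can enumerate neighbouring ones and assume other users' sessions.
    public static string NextToken()
    {
        return "SESS-" + Interlocked.Increment(ref _counter);
    }
}

// Example-only class: unguessable session IDs.
static class SecureSessionTokens
{
    // 256 bits from the OS CSPRNG: not predictable, not derived from a user ID.
    public static string NextToken()
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(bytes);
        }
        // URL-safe Base64 so the token survives cookies and query strings unchanged.
        return Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }
}

// Example-only class: salted, iterated password hashing instead of plaintext.
static class PasswordStorage
{
    private const int SaltSize = 16;
    private const int HashSize = 32;
    private const int Iterations = 100000;

    // Stored record is "iterations.salt.hash" so the work factor can be raised later.
    public static string Hash(string password)
    {
        var salt = new byte[SaltSize];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(salt);
        }
        byte[] hash;
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
        {
            hash = kdf.GetBytes(HashSize);
        }
        return Iterations + "." + Convert.ToBase64String(salt) + "." + Convert.ToBase64String(hash);
    }

    public static bool Verify(string password, string stored)
    {
        var parts = stored.Split('.');
        if (parts.Length != 3) return false;
        int iterations = int.Parse(parts[0]);
        byte[] salt = Convert.FromBase64String(parts[1]);
        byte[] expected = Convert.FromBase64String(parts[2]);
        byte[] actual;
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
        {
            actual = kdf.GetBytes(expected.Length);
        }
        return FixedTimeEquals(expected, actual);
    }

    // Constant-time comparison: a plain == would return early at the first
    // mismatching byte and leak, through response timing, how much of the
    // hash an attacker has already matched. (.NET Core offers
    // CryptographicOperations.FixedTimeEquals; this loop also works on .NET Framework.)
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}

class Program
{
    static void Main()
    {
        Console.WriteLine("Weak tokens:   " + BrokenSessionTokens.NextToken() + ", " + BrokenSessionTokens.NextToken());
        Console.WriteLine("Secure token:  " + SecureSessionTokens.NextToken());

        string record = PasswordStorage.Hash("correct horse battery staple");
        Console.WriteLine("Stored record: " + record);
        Console.WriteLine("Right password verifies: " + PasswordStorage.Verify("correct horse battery staple", record));
        Console.WriteLine("Wrong password verifies: " + PasswordStorage.Verify("hunter2", record));
    }
}
```

Running the program prints two consecutive weak tokens (showing how trivially the next one is guessed), one random token, and true/false for the right and wrong password. In a real ASP.NET application the framework's own session and identity providers should generate the token and hash the password; the point of the example is what those providers must do, and what a hand-rolled replacement usually gets wrong.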
