Seven Deadliest Web Application Attacks by Mike Shema

Chapter 5. Breaking Authentication Schemes

Information in this Chapter

  • Understanding Authentication Attacks
  • Employing Countermeasures

Passwords remain the most common way for a Web site to have users prove their identity. If you know an account's password, then you must be the owner of the account – so the assumption goes. Passwords represent a necessary evil of Web security. They are necessary, of course, to make sure that our accounts cannot be accessed without this confidential knowledge. Yet, the practice of passwords illuminates the fundamentally insecure nature of the human way of thinking. Passwords can be easy to guess, they might not be changed for years, they might be shared among dozens of Web sites (some secure, some with gaping ...
