Chapter 5. Breaking Authentication Schemes

Information in this Chapter

  • Understanding Authentication Attacks
  • Employing Countermeasures

Passwords remain the most common way for a Web site to have users prove their identity. If you know an account's password, then you must be the owner of the account – so the assumption goes. Passwords represent a necessary evil of Web security. They are necessary, of course, to make sure that our accounts cannot be accessed without this confidential knowledge. Yet, the practice of passwords illuminates the fundamentally insecure nature of the human way of thinking. Passwords can be easy to guess, they might not be changed for years, they might be shared among dozens of Web sites (some secure, some with gaping ...
