Broken authentication and Session management
Authentication is the process of verifying who you are. It is a security procedure that ensures and verifies the identity of the user. What is a Session? Session is the server-side storage of user information to maintain user interaction with the web site. Servers typically generate a unique token for each connection, which is known as session ID. The session ID should be stored on the server-side and not on the client-side. Broken authentication : Authentication is “broken” when the application allows an attacker to identify or bypass the authentication mechanism. Broken Authentication is in one of the OWASP Top 10 Vulnerabilities. Broken authentication is caused by poorly implemented authentication and session management mechanisms. It allows an attacker to compromise passwords, keys, session ID's or to exploit other implementation flaws to take over a victim’s account. Common risk factors includes: Default account Inadequate password policy User En...