Cyber Thursday - Broken Authentication

Exposure of sensitive application/user details to unauthorized users

older or poorly configured XML processors evaluate external entity references within XML documents

improper implementation of authentication and session management

application includes untrusted data in a new web page without proper validation or escaping

true

flase

false

true

Crypt-analysis of hash values

Spamming

Authorization Bypass

Authentication bypass

Insecure Direct Object References

Session Replay

Session Hijacking

Session Fixation

Session Fixation

Brute Force Attack

XSS

Dictionary Attack

Forced Browsing or failure to restrict URL

Invalidated redirect and forward

Insecure Misconfiguration

SQL Injection

implementing password strength restriction

using predictable session ID

Destroying session token post logout

restricting internal URL to authenticated/authorized users only

Escaping functionality

User Input validation

Inactive session timeout functionality

Session invalidation post Logout functionality

Implement account lockout after few incorrect login attempt

implement password expiry after certain

Allow users to choose their password

Implement use of CAPTCHA