Authentication 10

Centralized authentication routines are a good programming practice, but like other routines, developers need to understand how they work, how to use them and any limitations. These should preferably be the framework's in-built authentication support. I If third party authentication libraries are used, it is important to test each routine before its implementation.

How to play?

Pravin can bypass authentication controls because a centralized standard, tested, proven and approved authentication module/framework/service, separate to the resource being requested, is not being used

Mappings

Owasp ASVS (4.0): 1.1.6 ,1.4.4

Capec: 90 ,115

Owasp SCP: 25,26,27

Owasp Appsensor:

Safecode: 14,28

ASVS (4.0) Cheatsheetseries Index

ASVS V1.1 - Secure Software Development Lifecycle Requirements

ASVS V1.4 - Access Control Architectural Requirements

Attacks

Password Guessing/Brute Force Attacks

Credential Stuffing

Insider Threats

Social engineering attack

Session Hijacking (Man-in-the-Middle)

Loading comments 0%

View source on GitHub