Broken Authentication

Broken Authentication generally refers to weaknesses in two areas: 1) session management and 2) credential management.

The primary causes of broken authentication are poor credential management (weak passwords, weak cryptography) and poor session management.

How to prevent Broken Authentication

1) Use stronger passwords

2) Implement MFA

3) Create a profile for failed login attempts that locks the account after a specified number of failed login attempts

4) Don't use Session IDs in URLs

5) Rotate and invalidate Session IDs

6) Programmatically tailor session length to the type of user and the application they are using
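The list above describes the controls in prose; the following is an added example, not code from the article or its author, showing how items 3, 4, 5 and 6 fit together in one small authentication service. All names (AuthService, FakeClock, session_cookie) and policy values (5 failed attempts, a 15-minute lockout, 10-minute admin and 30-minute user idle timeouts) are assumptions chosen for illustration. Passwords are stored as salted PBKDF2 hashes, a locked account refuses even a correct password until the lock expires, a fresh session id is minted at every login and can be rotated on demand, idle timeout depends on the user's role, and the id is transported in an HttpOnly cookie rather than a URL.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# Policy constants: assumed values for this example, not taken from the article
MAX_FAILED_ATTEMPTS = 5          # item 3: lock after this many failures
LOCKOUT_SECONDS = 15 * 60        # item 3: how long the lock lasts
IDLE_TIMEOUT_BY_ROLE = {         # item 6: session length depends on user type
    "admin": 10 * 60,
    "user": 30 * 60,
}
PBKDF2_ROUNDS = 100_000


class FakeClock:
    """Controllable clock so lockout and expiry can be exercised without sleeping."""
    def __init__(self, start=1_700_000_000.0):
        self.t = start

    def now(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


@dataclass
class Account:
    username: str
    salt: bytes
    password_hash: bytes
    role: str
    failed_attempts: int = 0
    locked_until: float = 0.0


@dataclass
class Session:
    session_id: str
    username: str
    role: str
    last_seen: float


def _hash_password(password, salt):
    # Salted, deliberately slow hash: the credential-management half of the fix
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class AuthService:
    def __init__(self, clock=None):
        self._now = clock.now if clock else time.time
        self._accounts = {}
        self._sessions = {}

    def register(self, username, password, role="user"):
        salt = secrets.token_bytes(16)
        self._accounts[username] = Account(username, salt, _hash_password(password, salt), role)

    def login(self, username, password):
        """Return a fresh session id on success, None on failure or while locked."""
        acct = self._accounts.get(username)
        now = self._now()
        if acct is None:
            # Do the same amount of work so unknown users are not distinguishable by timing
            _hash_password(password, b"\x00" * 16)
            return None
        if now < acct.locked_until:
            return None  # item 3: locked, so refuse even if the password is correct
        ok = hmac.compare_digest(_hash_password(password, acct.salt), acct.password_hash)
        if not ok:
            acct.failed_attempts += 1
            if acct.failed_attempts >= MAX_FAILED_ATTEMPTS:
                acct.locked_until = now + LOCKOUT_SECONDS
                acct.failed_attempts = 0
            return None
        acct.failed_attempts = 0
        # item 5: always mint a brand-new id at login; never accept a caller-supplied one
        return self._create_session(username, acct.role, now)

    def _create_session(self, username, role, now):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session(sid, username, role, now)
        return sid

    def validate(self, session_id):
        """Return the username if the session is live, else None (expired sessions are removed)."""
        sess = self._sessions.get(session_id)
        if sess is None:
            return None
        now = self._now()
        if now - sess.last_seen > IDLE_TIMEOUT_BY_ROLE[sess.role]:  # item 6
            del self._sessions[session_id]
            return None
        sess.last_seen = now
        return sess.username

    def rotate(self, session_id):
        """Swap a live session's id for a new one (item 5), e.g. after a privilege change."""
        if self.validate(session_id) is None:
            return None
        sess = self._sessions.pop(session_id)
        return self._create_session(sess.username, sess.role, self._now())

    def logout(self, session_id):
        self._sessions.pop(session_id, None)


def session_cookie(session_id):
    # item 4: carry the id in a hardened cookie, never in a URL query string
    return f"session={session_id}; Path=/; HttpOnly; Secure; SameSite=Strict"
```

The lock is checked before the password is verified so that an attacker cannot use the lockout window to confirm a guess; the old session id is discarded by rotate() so a captured pre-login or pre-escalation id is worthless afterwards.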



More articles by Harvinder Duggal
