Broken Authentication: OWASP Top 10

Broken authentication happens when authentication and session management aren’t properly implemented. It allows an attacker to carry out credential stuffing, brute-force access, and session hijacking against your web app. In the case of credential stuffing, automated tools can be used to test a list of stolen usernames and passwords in an attempt to compromise legitimate accounts. Compromises like this can open the door to fraud, money laundering, identity theft, and the loss of highly sensitive information. There are several steps to preventing broken authentication. Multi-factor authentication can stop automated attacks such as credential stuffing and brute-force attacks. Also, prevent users from choosing weak passwords by adding rules that check password length and complexity and how often passwords must be changed. Finally, session management should ensure that session IDs are invalidated after logout or after a period of inactivity, and that a new random session ID is generated at login and is never passed in the URL.
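The three session-management rules above (random ID issued at login, invalidation on logout or idle, no session ID in the URL) as a small in-memory session store. This is an added example, not code from the video or its producer; the idle timeout, the cookie name and the request shape are assumptions made for the illustration.

```python
import secrets
import time

IDLE_TIMEOUT = 900  # seconds of inactivity before a session dies (assumed value)


class SessionStore:
    """Minimal server-side session table; a clock is injected so tests can advance time."""

    def __init__(self, clock=time.time):
        self._sessions = {}  # session_id -> {"user": str, "last_seen": float}
        self._clock = clock

    def login(self, user, old_session_id=None):
        # Drop any pre-login session so an ID chosen before authentication
        # never survives into the authenticated state (session fixation).
        if old_session_id is not None:
            self._sessions.pop(old_session_id, None)
        # Fresh, unpredictable ID from the OS CSPRNG, unrelated to the user.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "last_seen": self._clock()}
        return sid

    def resolve(self, session_id):
        """Return the user for a live session, or None. Idle sessions are destroyed on sight."""
        entry = self._sessions.get(session_id)
        if entry is None:
            return None
        now = self._clock()
        if now - entry["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[session_id]
            return None
        entry["last_seen"] = now  # sliding idle window
        return entry["user"]

    def logout(self, session_id):
        # Invalidate server-side; clearing the cookie alone is not enough.
        self._sessions.pop(session_id, None)


def session_id_from_request(cookies, query_params):
    """Read the session ID only from the cookie jar (assumed cookie name "session").

    A session ID that shows up in the query string is treated as a red flag:
    URLs leak through logs, browser history and the Referer header, so the
    request is handled as unauthenticated rather than honouring the URL value.
    """
    if "session" in query_params:
        return None
    return cookies.get("session")
```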
---
Security awareness training videos that are short and to the point. Use our customizable LMS or integrate with your own existing LMS.
