The Risks Of Broken Authentication (and how to identify vulnerabilities)

If you are a business owner, we understand that it is not easy to get your head around the many aspects of software development and penetration testing. Cybersecurity comes with a dictionary's worth of terms. To help you understand the threats, we are creating a collection of articles, each explaining one threat in a way that you can understand.

Authentication Explained

Authentication is the act of validating or confirming that someone is who they say they are. In terms of security and your computer systems, you want to know that the person accessing your system is your employee, not only now but also in ten minutes' or an hour's time.

What is broken authentication?

According to the OWASP website: "Application functions related to authentication and session management are often implemented incorrectly, allowing attackers to compromise passwords, keys, or session tokens or to exploit other implementation flaws to assume other users' identities temporarily or permanently."

What does this mean? It covers two things. The first is that an attacker uses a real username and password (acquired in a data breach elsewhere) to log in to your system. The second is that an attacker takes over a genuine user's session on your system. Once either scenario occurs, you have broken authentication.

Once the cybercriminal has access to your system, the damage can be significant, ranging from sensitive data exposure to blackmail or fraud.

OWASP recognises broken authentication as the second biggest web app security risk.

The dangers of broken authentication + Examples

Let’s look at two examples:

Credential stuffing: The attacker uses an automated program and a list of known username and password combinations (typically taken from data breaches elsewhere) to see whether any of them work on your network, system, or website.

Hijacked session ID: A web session is everything that occurs from the moment you or your employee visits a website or accesses an application. The website issues a session ID to you even before you log in. If you then close the browser without logging out, a hijacker can open the browser and continue using the still-authenticated session ID.

How to identify broken authentication vulnerabilities

Vulnerabilities often stem from broken access control and poor session management. If your system does not notice that an attacker is attempting numerous logins, or if automatic session timeouts are too long, your business is at risk.
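As an added example, not code from the Omni Cyber article, here is a small Python model of the two defences the session hijacking example and the paragraph above point at: spotting a burst of failed logins from one source, and handling session IDs so that the pre-login ID is replaced at login and idle sessions expire. The log lines, threshold, window and timeout values are constructed for the example and are not figures from the article.

```python
import secrets
import time
from collections import defaultdict, deque

# Constructed sample login log: (unix timestamp, source ip, username, outcome).
SAMPLE_EVENTS = [(1000 + i * 4, "203.0.113.7", f"user{i}", "FAIL") for i in range(6)]
SAMPLE_EVENTS += [(1003, "198.51.100.2", "alice", "OK"), (1100, "198.51.100.2", "alice", "FAIL")]

def detect_login_bursts(events, threshold=5, window=60):
    """Return the source IPs that produced `threshold` failed logins inside `window` seconds.
    The threshold and window are assumed policy values, not figures from the article."""
    recent = defaultdict(deque)  # ip -> timestamps of its recent failures
    flagged = set()
    for ts, ip, _user, outcome in sorted(events):
        if outcome != "FAIL":
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the sliding window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(ip)
    return flagged

class SessionStore:
    """Issues a fresh ID on login and expires idle sessions, so neither a pre-login ID
    nor an abandoned browser stays usable indefinitely (idle timeout is an assumed value)."""
    def __init__(self, idle_timeout=900, clock=time.time):
        self.idle_timeout, self.clock, self.sessions = idle_timeout, clock, {}

    def new_session(self, user=None):
        sid = secrets.token_urlsafe(32)  # unguessable: 256 bits from the OS CSPRNG
        self.sessions[sid] = {"user": user, "last_seen": self.clock()}
        return sid

    def login(self, old_sid, user):
        """Discard the anonymous pre-login ID and bind a brand-new ID to the user."""
        self.sessions.pop(old_sid, None)
        return self.new_session(user)

    def current_user(self, sid):
        """User for a live session; None if the ID is unknown, discarded or idle too long."""
        s = self.sessions.get(sid)
        if s is None or self.clock() - s["last_seen"] > self.idle_timeout:
            self.sessions.pop(sid, None)
            return None
        s["last_seen"] = self.clock()
        return s["user"]
```

Running `detect_login_bursts(SAMPLE_EVENTS)` flags only the source that failed six times in twenty seconds, while the single failure from the other address is left alone.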

Omni Cyber Security can perform penetration testing on your network to check for vulnerabilities such as SQL injection and sensitive data exposure, protecting your applications, customers, clients, partners, and your entire company's operations and reputation.

Contact Omni Cyber to discuss penetration testing your systems for vulnerabilities.
