From the course: Cybersecurity Foundations: Application Security
Improper authentication
- [Narrator] Most applications require authentication to protect the confidentiality of user data. This ensures that an individual performing an action is who they say they are. Application authentication is typically achieved through a username and password combination and augmented with multifactor authentication nowadays. An improper authentication vulnerability occurs when an application does not properly ascertain the identity of a user. This leads to account takeovers and data breaches. One way an improper authentication vulnerability can occur is when users are allowed access to authenticated functions directly without having to log in first. Another way is when there's a lack of rate limiting on login fields, especially when the field lengths are known. We'll take a look at both scenarios in this video. In this first example, this social media application allows only signed-in users to view posts. When a user…