adporn.net A7: Identification and authentication failures - SonarQube Video Tutorial | LinkedIn Learning, formerly Lynda.com

LinkedIn and 3rd parties use essential and non-essential cookies to provide, secure, analyze and improve our Services, and to show you relevant ads (including professional and job ads) on and off LinkedIn. Learn more in our Cookie Policy.

Select Accept to consent or Reject to decline non-essential cookies for this use. You can update your choices at any time in your settings.

Start free trial Sign in

From the course: Static Application Security Testing

Unlock the full course today

Join today to access over 24,400 courses taught by industry experts.

A7: Identification and authentication failures

A7: Identification and authentication failures - SonarQube Tutorial

From the course: Static Application Security Testing

Start my 1-month free trial Buy for my team

A7: Identification and authentication failures

“

- [Presenter] The seventh set of risks in the OWASP top 10 are identification and authentication failures. If an attacker can find a way around the login screen and start interacting with the application or if you can't trust that the person using the app is the person they claim to be then the application is vulnerable to these flaws. With all the data breaches in recent years a lot of valid usernames and passwords have ended up on the dark web. It doesn't take a lot of technical skill for an attacker to download one of these lists and log into your application with a valid user account that belongs to someone else. Default passwords are even worse. Don't believe me? Just Google for the admin guide for some of the older technology in your environment, tech with an administrative web interface, and see if there's a default admin password combo listed in that guide. Even if an attacker doesn't have a valid set of…

Contents