broken authentication what it means and what you can do
play

Broken Authentication: What it means, and what you can do - PowerPoint PPT Presentation

Feb 22, 2023 •138 likes •207 views

Broken Authentication: What it means, and what you can do hassan.abudu@owasp.org OWASP Top 10 Vulnerabilities - 2017 Rank Name 1 Injection 2 Broken Authentication 3 Sensitive Data Exposure 4 XML External Entities 5 Broken Access

  1. Broken Authentication: What it means, and what you can do hassan.abudu@owasp.org

  2. OWASP Top 10 Vulnerabilities - 2017 Rank Name 1 Injection 2 Broken Authentication 3 Sensitive Data Exposure 4 XML External Entities 5 Broken Access Control 6 Security Misconfiguration 7 Cross-Site Scripting 8 Insecure Deserialization 9 Using Components with Known Vulnerabilities 10 Insufficient Logging & Monitoring

  3. Broken Authentication An important lesson: Anyone in your organization could be a weak link What is it? • It is when your password authentication isn’t sufficiently secure. • When that happens, it fails to protect your organizations assets. • It isn’t an exploit in itself, but when a hacker can just log in as a member of your organization, you’re in big trouble

  4. Broken Authentication Q: How do hackers exploit authentication vulnerabilities? A: Often through password cracking. These are some sources of vulnerabilities • Having weak or inadequate password policies • Allowing an unlimited amount of login attempts • Providing information back to an attacker on failed logins • Sending credentials over insecure channels • Weakly hashing passwords

  5. Broken Authentication Eliminating Password Vulnerabilities Passwords should have: • At least 1 uppercase character (A-Z) • At least 1 lowercase character (a-z) • At least 1 digit (0-9) • At least 1 special character including punctuation marks & spaces • Be at least 10 characters long.

  6. Broken Authentication Any questions?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization, Sessions Authentication Determining user identity Multiple ways What you know (password) What you have (phone, RSA SecureID, Yubikey)

1.57k views • 28 slides
ISE 331 Fundamentals of Computer Security Authentication and Attacks Agenda User

ISE 331 Fundamentals of Computer Security Authentication and Attacks Agenda User

ISE 331 Fundamentals of Computer Security Authentication and Attacks Agenda User Authentication Authentication process Means of authentication Passwords Vulnerabilities of passwords Password Cracking Dictionary Attacks

471 views • 21 slides
FIXING OUR BROKEN HOUSING MARKET The White Paper: what it means for planning Context: housing is

FIXING OUR BROKEN HOUSING MARKET The White Paper: what it means for planning Context: housing is

FIXING OUR BROKEN HOUSING MARKET The White Paper: what it means for planning Context: housing is increasingly unaffordable By 2020 only 25% of 30 year olds will own their home The average London home made its owner more than 22 an hour during

183 views • 14 slides
AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

833 views • 44 slides
The Human Element in Computer Security - Graphical Passcodes as a Means to Create Secure

The Human Element in Computer Security - Graphical Passcodes as a Means to Create Secure

The Human Element in Computer Security - Graphical Passcodes as a Means to Create Secure Authentication systems Steffen Werner University of Idaho Why Research on User Authentication? The applied appeal Growing importance of stored

1.11k views • 93 slides
HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication

288 views • 10 slides
Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a precondition How to authenticate: Something you know Password, Secrets Something you have Smart Card, Token Something you are Biometrie

607 views • 4 slides
Galatians Whos Your Mama? Broken people know theyre broken! They know they need Jesus

Galatians Whos Your Mama? Broken people know theyre broken! They know they need Jesus

Galatians Whos Your Mama? Broken people know theyre broken! They know they need Jesus & have given up on being their own savior! Abraham Sarah (wife) Isaac (son) Hagar (maidservant) Ishmael (son) Abraham, our broken spiritual

258 views • 21 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

613 views • 27 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

1.66k views • 27 slides
Table of Contents Introduction Hacking Web Sites Examples of Attacks Broken

Table of Contents Introduction Hacking Web Sites Examples of Attacks Broken

Table of Contents Introduction Hacking Web Sites Examples of Attacks Broken Authentication Brute Force Session Spotting Emmanuel Benoist Session Fixation Attack Session Hijacking Fall Term 2020/2021 Session Expiration

638 views • 10 slides
Nick Schrock Founder, Elementl @schrockn Our data is totally broken Our data is

Nick Schrock Founder, Elementl @schrockn Our data is totally broken Our data is

Nick Schrock Founder, Elementl @schrockn Our data is totally broken Our data is totally broken We dont know where our data comes from We dont know what it means We cannot reliably process and test it Our

951 views • 66 slides
Web Security, Summer Term 2012 Brocken Authentication and Session Management Dr. E. Benoist

Web Security, Summer Term 2012 Brocken Authentication and Session Management Dr. E. Benoist

IIG University of Freiburg Web Security, Summer Term 2012 Brocken Authentication and Session Management Dr. E. Benoist Sommer Semester Web Security, Summer Term 2012 7 Broken Authentication and Session Management 1 Table of Contents

641 views • 24 slides
Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password Token-based authentication Third party authentication Local Authentication How to store and verify password? Clear Data can be hacked

615 views • 14 slides
eb Security Software Studio yslin@DataLAB 1 OWASP Top 10 Security Risks in 2017 Rank Name

eb Security Software Studio yslin@DataLAB 1 OWASP Top 10 Security Risks in 2017 Rank Name

eb Security Software Studio yslin@DataLAB 1 OWASP Top 10 Security Risks in 2017 Rank Name 1 Injection 2 Broken Authentication and Session Management 3 Cross-Site Scripting (XSS) 4 Broken Access Control 5 Security Misconfiguration

944 views • 77 slides
The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch

The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch

The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch Security Engineer kbabioch@suse.de New authentication standards ... 2 Some authentication technologies ... 3 - Authentication theory -

1.28k views • 88 slides
Authentication and Passwords Autumn 2016 Tadayoshi Kohno yoshi@cs.Washington.edu Thanks to Dan

Authentication and Passwords Autumn 2016 Tadayoshi Kohno yoshi@cs.Washington.edu Thanks to Dan

CSE 484 / CSE M 584: Computer Security and Privacy Authentication and Passwords Autumn 2016 Tadayoshi Kohno yoshi@cs.Washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, John Manferdelli, John Mitchell, Franzi Roesner, Vitaly

751 views • 39 slides
Logic and cognition: Sujata Ghosh Towards an interdependent ISI Chennai

Logic and cognition: Sujata Ghosh Towards an interdependent ISI Chennai

Logic and Cognition Workshop, ICLA 2019, March 2, 2019 Logic and cognition: Sujata Ghosh Towards an interdependent ISI Chennai sujata@isichennai.res.in methodology What is logic ? What is logic ? Contrariwise, continued Tweedledee,

840 views • 80 slides
New results on the geometry of translation surfaces Marian Ioan MUNTEANU Al.I.Cuza University of

New results on the geometry of translation surfaces Marian Ioan MUNTEANU Al.I.Cuza University of

New results on the geometry of translation surfaces Marian Ioan MUNTEANU Al.I.Cuza University of Iasi, Romania webpage: http://www.math.uaic.ro/ munteanu XI th International Conference GEOMETRY, INTEGRABILITY and QUANTIZATION Varna : June 5

1.59k views • 83 slides
Structure of Volcano of -isogeny applied to Couveigness algorithm Luca De Feo, Cyril

Structure of Volcano of -isogeny applied to Couveigness algorithm Luca De Feo, Cyril

Reminder on elliptic curves Endomorphism ring Volcano of -isogeny and Frobenius endomorphism -adic tower Structure of Volcano of -isogeny applied to Couveigness algorithm Luca De Feo, Cyril Hugounenq, Jerome Plut, Eric Schost

472 views • 28 slides
TLS 1.3 Client Authentication Andrei Popov, Microsoft Corp. Issue 1: TLS Client Authentication

TLS 1.3 Client Authentication Andrei Popov, Microsoft Corp. Issue 1: TLS Client Authentication

TLS 1.3 Client Authentication Andrei Popov, Microsoft Corp. Issue 1: TLS Client Authentication After the Handshake The user navigates to the sites landing page, no client authentication required. Eventually, the user requests a

69 views • 6 slides
Authentication in Distributed Systems Austen Barker Access Control Operation Object principal

Authentication in Distributed Systems Austen Barker Access Control Operation Object principal

Authentication in Distributed Systems Austen Barker Access Control Operation Object principal Reference monitor Challenges of a distributed system Autonomy : Path from principal to an object may be long and convoluted. Size : Usually much

304 views • 29 slides
Symbolic verification of cryptographic protocols using Tamarin Part 3 : Security Properties and

Symbolic verification of cryptographic protocols using Tamarin Part 3 : Security Properties and

Symbolic verification of cryptographic protocols using Tamarin Part 3 : Security Properties and Algorithmic Verification David Basin ETH Zurich Summer School on Verification Technology, Systems & Applications Nancy France August 2018

1.23k views • 78 slides
The Windows Hello for Business: Protocol Level Deep Dive Obaid Farooqi Sr. Escalation Engineer

The Windows Hello for Business: Protocol Level Deep Dive Obaid Farooqi Sr. Escalation Engineer

The Windows Hello for Business: Protocol Level Deep Dive Obaid Farooqi Sr. Escalation Engineer Microsoft Introduction } Obaid Farooqi } Microsoft } Sr. Escalation Engineer in Developer Support: Protocols Team } Support Developers implementing

2.45k views • 22 slides

More recommend