

Cybercrime is escalating, and it is a big issue for companies handling sensitive user data. It is a risk and a reality for international Fortune companies (e.g. Marriott) that hold millions of user records and have experienced massive breaches of sensitive data. Even if we consider the past decade a "Golden Age" of technology, the truth is that no new tech stack will remedy the problem of human error. Using the latest technology might be strongly recommended, but not understanding how that technology works, what its possible security issues are, and the basics of secure development practice is also a big problem.

Authentication and user session management are particularly vulnerable areas. Although many pre-made solutions and implementations exist, such vulnerabilities still make the "OWASP Top 10 Web Application Security Risks" list of the most critical kinds of web application vulnerabilities. Recently, user authentication and session management weaknesses were even "honored" with a silver medal (second place) among the biggest threats to application security.

Authentication tokens are one of the most important factors in handling registered application users. These randomly generated strings are used to authenticate users after they have entered their login credentials. Without tokens, users would have to enter their credentials on every authenticated action, which would be very inconvenient. Because tokens are a core attribute of the authentication mechanism, there is little doubt that they are one of the top attack and investigation vectors for cyber-criminals trying to compromise a portal's authentication.

In this article, we'll review five common mistakes and other key considerations when working with authentication tokens. First, let's talk about applications implemented with stateful authentication.

You are not using strong tokens.

The authentication state in these applications is just a simple file (or a data record) kept in temporary storage on the server, and the token the client presents is the key that looks that record up.
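To make the "strong tokens" point concrete, here is an added example (written for this page, not code from the original article or any project it mentions). It contrasts a token derived from guessable inputs, which an attacker can recover by brute-forcing the login second, with a token drawn from the operating system CSPRNG, and wraps the strong version in a minimal stateful session store of the kind the paragraph above describes. All names (`weak_token`, `recover_weak_token_time`, `strong_token`, `SessionStore`) and the timestamps used are constructed for illustration.

```python
import hashlib
import secrets
import time


def weak_token(user_id: str, login_time: int) -> str:
    """The mistake: a token derived from predictable inputs.

    Hashing adds no entropy. The only thing an attacker does not know is
    the login second, and that is a very small search space.
    (Constructed example of the weak pattern, not a recommendation.)"""
    return hashlib.sha256(f"{user_id}:{login_time}".encode()).hexdigest()


def recover_weak_token_time(token: str, user_id: str, start: int, window: int):
    """Attacker view: brute-force the login second inside a time window.

    Returns the timestamp that reproduces the captured token, or None."""
    for t in range(start, start + window):
        if hashlib.sha256(f"{user_id}:{t}".encode()).hexdigest() == token:
            return t
    return None


def strong_token(nbytes: int = 32) -> str:
    """nbytes of CSPRNG output, URL-safe base64 encoded (256 bits for 32)."""
    return secrets.token_urlsafe(nbytes)


def token_entropy_bits(nbytes: int) -> int:
    """Entropy of a strong_token() of nbytes random bytes."""
    return nbytes * 8


def _key(token: str) -> str:
    # Sessions are indexed by the SHA-256 of the token, so a leaked session
    # table cannot be replayed and lookups never compare the raw secret.
    return hashlib.sha256(token.encode()).hexdigest()


class SessionStore:
    """Stateful session table: hashed token -> (user_id, expiry time).

    `clock` is injectable so expiry can be tested deterministically."""

    def __init__(self, ttl_seconds: int = 3600, clock=time.time):
        self._sessions = {}
        self.ttl = ttl_seconds
        self.clock = clock

    def create(self, user_id: str) -> str:
        token = strong_token()
        self._sessions[_key(token)] = (user_id, self.clock() + self.ttl)
        return token  # the only copy of the raw token goes to the client

    def resolve(self, token: str):
        """Return the user bound to `token`, or None if unknown or expired."""
        rec = self._sessions.get(_key(token))
        if rec is None:
            return None
        user_id, expires_at = rec
        if self.clock() >= expires_at:
            self._sessions.pop(_key(token), None)  # lazy expiry cleanup
            return None
        return user_id

    def revoke(self, token: str) -> bool:
        """Server-side logout: True if a live session was removed."""
        return self._sessions.pop(_key(token), None) is not None


if __name__ == "__main__":
    captured = weak_token("alice", 1700000000)  # constructed login second
    print("weak token recovered at", recover_weak_token_time(captured, "alice", 1699999970, 60))
    store = SessionStore(ttl_seconds=60)
    tok = store.create("alice")
    print("strong token bits:", token_entropy_bits(32), "resolves to", store.resolve(tok))
```

The weak variant is recovered with at most sixty hash computations; the strong variant has 2^256 possibilities, so the same attack is hopeless. Storing only the hash of the token in the session table is a cheap extra: it means a database dump or log leak of the table does not hand out live sessions, and it removes the raw secret from any comparison an attacker could try to time.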
