How to Mitigate Authentication Attacks - Web Application Security
Hello! In this post we will go through mitigation techniques that help you secure your web application against authentication-based attacks. Let's go through them point by point.
Protect the Session ID and credentials
First, you need to protect the session ID and the login credentials. The best way to do that is encryption, and the easiest way is SSL/TLS; just make sure you are deploying a secure SSL/TLS configuration.

Protect against Brute Forcing
Second, attacks against authentication usually involve some kind of brute force to gain access, so you have to protect your web application against brute-force attacks. You can do that with anti-brute-force or anti-automation techniques such as CAPTCHAs, login attempt limits, rate limiting, et cetera.

Enforce Strong Passwords
Third, and still the biggest problem: users choose weak passwords, so you definitely have to enforce strong passwords and also make sure they are renewed from time to time. Yes, it is annoying and irritating, but that is the way it is if you want to protect your web app.

Two-Factor Authentication
Fourth, you could implement some kind of two-factor authentication, such as a mobile token or similar, and that will definitely be a huge step forward.

Anomaly Detection
The fifth point is anomaly detection. For instance, if you record a login from a user in China and then, one minute later, another login from the same user in Germany, something fishy is probably going on. You could respond with a notification, or require two-factor authentication to make sure it is the correct user, or something similar. Either way, anomaly detection always helps.

All of these are really important for securing your web application, or, if you are a web application pen-tester, your customers' applications, because login and authentication is basically the three-headed dog guarding the treasure: if it can be circumvented, everything is lost. You could have perfect cross-site scripting protection, firewalls and logging, but if the attacker can figure out the password, he will look just like a normal user and you will probably not notice that something is going on.
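As an added example (not code from the original post), here is a small Python check for the China-then-Germany case above. It assumes each login event already carries a latitude and longitude resolved from the client IP by a GeoIP lookup (not shown), and flags any pair of consecutive logins for the same user whose implied travel speed is faster than a human could move; the sample logins and the speed threshold are constructed.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_PLAUSIBLE_KMH = 1000.0  # faster than this between two logins is not one person travelling

@dataclass
class Login:
    user: str
    when: datetime
    lat: float    # assumed: resolved from the client IP by a GeoIP lookup beforehand
    lon: float
    label: str    # human-readable place, used only in the alert text

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two points (Earth radius 6371 km)."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlam = p2 - p1, radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlam / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(logins, max_kmh=MAX_PLAUSIBLE_KMH):
    """One alert per consecutive same-user login pair whose implied speed exceeds max_kmh."""
    last_seen, alerts = {}, []
    for ev in sorted(logins, key=lambda e: e.when):
        prev = last_seen.get(ev.user)
        if prev is not None:
            dist = haversine_km(prev.lat, prev.lon, ev.lat, ev.lon)
            hours = (ev.when - prev.when).total_seconds() / 3600.0
            if hours <= 0:  # identical timestamps: any distance at all is impossible
                speed = float("inf") if dist > 0 else 0.0
            else:
                speed = dist / hours
            if speed > max_kmh:
                # This is where the post's responses hook in: notify the user, or require
                # a second factor before the new session is trusted.
                alerts.append({"user": ev.user, "from": prev.label, "to": ev.label,
                               "speed_kmh": round(speed, 1)})
        last_seen[ev.user] = ev
    return alerts

# Constructed sample: alice is the post's China-then-Germany case; bob is a plausible
# domestic trip (Berlin to Munich in two hours) that must not be flagged.
SAMPLE_LOGINS = [
    Login("alice", datetime(2020, 4, 16, 10, 0), 39.9042, 116.4074, "Beijing, CN"),
    Login("alice", datetime(2020, 4, 16, 10, 1), 52.5200, 13.4050, "Berlin, DE"),
    Login("bob", datetime(2020, 4, 16, 9, 0), 52.5200, 13.4050, "Berlin, DE"),
    Login("bob", datetime(2020, 4, 16, 11, 0), 48.1351, 11.5820, "Munich, DE"),
]
```

Running `impossible_travel(SAMPLE_LOGINS)` yields a single alert for alice; the speed threshold is a starting point and should be tuned against your own users' legitimate travel and VPN usage.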
All right, that's it for this post. Stay tuned for more posts on Web Application Security.
Reviewed by Admin on April 16, 2020