From the course: ASP.NET MVC 5 Identity: Authentication and Authorization
Vulnerability: Excessive authentication attempts
- [Ervis] Depending on the password policy, it can be either really easy or hard to guess. There are different techniques used to guess passwords, such as dictionary attack, phishing, social engineering, or just plain brute force. Whatever the case, the more guesses a hacker gets, the higher the risk for security breach. Therefore, some kind of control mechanism for repeatedly failed logins should be applied. Let us say we want to make sure that the users cannot enter the credentials wrong for more than five times without being locked out. In an ASP.NET MVC 5 application, you will do this configuration in the IdentityConfig.cs file. So, for that, you go to the Solution Explorer. Inside the App_Start folder, you have the IdentityConfig.cs file. If you scroll down to the Create method, inside this method, you are going to see a default configuration. So, this configuration will make sure that the hacker cannot break your password using any of the password guessing techniques mentioned…
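The lockout settings the transcript describes, together with the login call that has to opt in to them, as an added example that is not the course's own code. It assumes the MVC 5 project template's types (`ApplicationUser`, `ApplicationDbContext`, `ApplicationSignInManager`, `LoginViewModel`) and its shared `Lockout` view; the 15-minute duration is an assumed value, and two-factor handling is left out.

```csharp
using System;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;

// App_Start/IdentityConfig.cs: lockout policy set in Create.
public class ApplicationUserManager : UserManager<ApplicationUser>
{
    public ApplicationUserManager(IUserStore<ApplicationUser> store) : base(store) { }
    public static ApplicationUserManager Create(
        IdentityFactoryOptions<ApplicationUserManager> options, IOwinContext context)
    {
        var manager = new ApplicationUserManager(
            new UserStore<ApplicationUser>(context.Get<ApplicationDbContext>()));
        // Sets LockoutEnabled on accounts created from now on; existing rows keep their value.
        manager.UserLockoutEnabledByDefault = true;
        // The account locks when the failed-attempt counter reaches this number.
        manager.MaxFailedAccessAttemptsBeforeLockout = 5;
        // Assumed duration for this example; the page does not state one.
        manager.DefaultAccountLockoutTimeSpan = TimeSpan.FromMinutes(15);
        return manager;
    }
}

// Controllers/AccountController.cs: the login action must opt in to failure counting.
public class AccountController : Controller
{
    private ApplicationSignInManager SignInManager =>
        HttpContext.GetOwinContext().Get<ApplicationSignInManager>();
    [HttpPost, AllowAnonymous, ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
    {
        if (!ModelState.IsValid) return View(model);
        // With shouldLockout: false, failed passwords are never counted toward lockout.
        var result = await SignInManager.PasswordSignInAsync(
            model.Email, model.Password, model.RememberMe, shouldLockout: true);
        if (result == SignInStatus.LockedOut) return View("Lockout");
        if (result != SignInStatus.Success)
        {
            ModelState.AddModelError("", "Invalid login attempt."); // same text for every failure
            return View(model);
        }
        if (Url.IsLocalUrl(returnUrl)) return Redirect(returnUrl);
        return RedirectToAction("Index", "Home");
    }
}
```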
Contents
- Vulnerability: Object binding vulnerability (3m 34s)
- Vulnerability: Dangerous uploaded file type (58s)
- Vulnerability: Excessive authentication attempts (1m 30s)
- Vulnerability: XSS filter evasion (48s)
- Vulnerability: Inclusion of third-party scripts (57s)
- Vulnerability: Cross-site request forgery (CSRF) (1m 59s)
- Vulnerability: Open redirect (1m 33s)