From the course: Ethical Hacking with JavaScript
Broken authentication - JavaScript Tutorial
Broken authentication
- [Instructor] Broken authentication is where a hacker is able to see or exploit user information such as username and password. It is extremely dangerous and if you have an application with poor authentication practices, you're putting your application and your users at risk and potential legal liabilities. If any of your code provides clear text representation of your user's password, either publicly or when the user's logged in, you're a victim of your own bad authentication practices. Here's a few examples of broken authentication and as you can imagine, what hackers could exploit from these.

Text passwords: if your code doesn't hash the passwords through the use of bcrypt or similar libraries, you're exposing your user's password for anyone to exploit them.

Session IDs in the browser: a session ID provides information about the user logged into the application. A hacker could use the session ID to access user or application data. Use proper session libraries for that purpose…
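The clear-text password problem described in the transcript, shown beside a hashed form. This is an added example, not code from the course or its exercise files; it assumes Node.js and uses the built-in `crypto.scrypt` in place of bcrypt so it runs without third-party packages, and the function names, record shape and sample passwords are constructed for illustration.

```javascript
// Added example: storing and checking passwords without keeping clear text.
// scrypt (Node built-in) stands in for bcrypt; both are salted, slow password hashes.
const crypto = require('node:crypto');

const KEY_LEN = 64; // length of the derived hash in bytes

// "Before" form the transcript warns about: the password is stored as typed,
// so anyone who can read the record can read the password (constructed sample).
const brokenRecord = { username: 'alice', password: 'constructed-sample-pw' };

// Derive "saltHex:hashHex" from the password with a fresh random salt.
// Only this string is stored; the password itself is discarded.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, KEY_LEN);
  return `${salt.toString('hex')}:${hash.toString('hex')}`;
}

// Recompute the hash with the stored salt and compare in constant time.
// Malformed stored values are rejected instead of throwing.
function verifyPassword(password, stored) {
  const [saltHex, hashHex] = String(stored).split(':');
  if (!saltHex || !hashHex) return false;
  const expected = Buffer.from(hashHex, 'hex');
  if (expected.length !== KEY_LEN) return false;
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), KEY_LEN);
  return crypto.timingSafeEqual(actual, expected);
}

// Hardened record: holds the salted hash, never the clear-text password.
function createUser(username, password) {
  return { username, passwordHash: hashPassword(password) };
}

// What may be sent to the browser for a logged-in user: no password, no hash.
function publicView(user) {
  return { username: user.username };
}

const user = createUser('alice', 'constructed-sample-pw');
console.log('stored record:', user);
console.log('correct password accepted:', verifyPassword('constructed-sample-pw', user.passwordHash));
console.log('wrong password accepted:', verifyPassword('guess', user.passwordHash));
console.log('sent to client:', publicView(user));
```
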
Contents
- Injection threat (2m 23s)
- Broken authentication (1m 54s)
- Sensitive data (1m 5s)
- XML external entities (1m 6s)
- Security misconfiguration (1m 29s)
- Insecure deserialization (1m 10s)
- Components with known vulnerabilities (1m 12s)
- Insufficient logging and monitoring (1m 47s)