Explore potential authentication and password issues in software, the risks associated with them, and learn how to avoid them.
- Authentication is not an easy operation…when it comes to modern software.…On paper, it looks very straightforward.…User comes to your site, enters their username…and password, and clicks submit.…You then evaluate the username and password…and determine if this is indeed the correct person…and go from there.…Simple, right?…Well, not so fast.…Authentication itself has many security implications.…
One such attack is an enumeration attack,…which we've already discussed.…If you provide separate messages…when a wrong password is entered,…versus when an unknown user enters your system,…you are telling an attacker if they have…the username correct or not.…So, the key here is keep the messaging consistent.…Another issue to address is the actual time…it takes to perform authentication.…This is a case where faster is not better.…
We're going to talk about cryptographic algorithms…in a bit, but know that some hashing algorithms…are slower than others, and when it…comes to authentication, slow is not a bad thing.…Now, when I say slow, we're talking about hundreds…
AuthorFrank P Moley III
- Understanding attackers and risks
- Documenting your risks
- Issues related to web client–server interactions
- Issues related to thick app and client–server interactions
- Authorization and cryptography issues
- Implementing security in each phase of the software development life cycle
Skill Level Beginner
Web Security: OAuth and OpenID Connectwith Keith Casey1h 26m Intermediate
Programming Foundations: Design Patternswith Elisabeth Robson2h 19m Intermediate
What you need to know1m 35s
1. Security and Risk Overview
2. Web Client Server Interaction Code Issues
3. Thick App and Client-Server Interaction Issues
4. Crypto and Security Misuse Issues
5. Security in the SDLC
Next steps2m 10s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.