Saturday, December 17, 2005

Authentication Threats

  • Brute Force – attacker iterates through many username/password combinations in the hope of finding a valid one
  • Man in the Middle – attacker sniffs packets from the network, modifies them, and re-inserts them into the network between the client and the application
  • Session Hijacking – attacker uses captured authentication tokens to seize control of a legitimate user’s session while that user is still logged into the application
  • Session Replay – attacker captures authentication tokens (e.g. session ID, cookies) and replays them later to bypass normal authentication, without the legitimate user needing to be logged into the application at the time
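The list above names the threats but not the server-side controls that address them. The following is an added example, written for this post rather than taken from it or from any of the referenced organisations, that shows the defender's side of three of the four items: a sliding-window failed-login counter that flags brute-force sources, and a session store that regenerates the session ID on login, binds each token to the client it was issued to, and expires it, which shrinks the window in which a hijacked or replayed token is useful. Man in the middle is a transport-layer problem addressed by TLS, so it is not modelled here. The class names, the secret, and the log lines are all constructed for this illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict, deque

# --- Brute force: count failed logins per source in a sliding window --------

class AuthMonitor:
    """Flags a key (source IP or account) once it accumulates `threshold`
    failed logins inside `window_seconds`. A successful login resets it."""

    def __init__(self, threshold=5, window_seconds=60):
        self.threshold = threshold
        self.window = window_seconds
        self.failures = defaultdict(deque)  # key -> timestamps of recent failures

    def record(self, key, success, ts):
        q = self.failures[key]
        if success:
            q.clear()
            return False
        q.append(ts)
        while q and ts - q[0] > self.window:   # drop failures outside the window
            q.popleft()
        return len(q) >= self.threshold        # True => lock out / raise an alert


# Constructed sample log: "<epoch> <src_ip> <user> <result>" (not real data)
SAMPLE_LOG = """\
1000 203.0.113.5 alice FAIL
1005 203.0.113.5 alice FAIL
1010 203.0.113.5 alice FAIL
1015 203.0.113.5 alice FAIL
1020 203.0.113.5 alice FAIL
1030 198.51.100.7 bob OK
"""

def flagged_sources(log_text, threshold=5, window_seconds=60):
    """Run the monitor over log lines and return the set of flagged source IPs."""
    mon = AuthMonitor(threshold, window_seconds)
    flagged = set()
    for line in log_text.splitlines():
        ts, src, _user, result = line.split()
        if mon.record(src, result == "OK", int(ts)):
            flagged.add(src)
    return flagged


# --- Session hijacking / replay: rotate, bind and expire session tokens -----

class SessionStore:
    """Hypothetical server-side session store. `secret` keys the client
    fingerprint so a stolen token alone does not reveal what it is bound to."""

    def __init__(self, secret, ttl_seconds=900):
        self.secret = secret
        self.ttl = ttl_seconds
        self.sessions = {}  # session_id -> (user, client_fingerprint, expires_at)

    def _fingerprint(self, client_ip, user_agent):
        msg = f"{client_ip}|{user_agent}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()

    def login(self, user, client_ip, user_agent, now, old_session_id=None):
        # Issue a fresh random ID on every authentication so a token captured
        # (or pre-set) before login is never promoted to an authenticated session.
        if old_session_id:
            self.sessions.pop(old_session_id, None)
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = (user, self._fingerprint(client_ip, user_agent), now + self.ttl)
        return sid

    def validate(self, sid, client_ip, user_agent, now):
        """Return the user for a valid token, or None (expired, unknown, or
        presented from a client other than the one it was issued to)."""
        entry = self.sessions.get(sid)
        if entry is None:
            return None
        user, fp, expires_at = entry
        if now > expires_at:
            self.sessions.pop(sid, None)      # expiry bounds the replay window
            return None
        if not hmac.compare_digest(fp, self._fingerprint(client_ip, user_agent)):
            return None                       # mismatch: treat as possible hijack/replay
        return user

    def logout(self, sid):
        self.sessions.pop(sid, None)          # invalidate server side, not just the cookie
```

In practice the fingerprint check is a signal rather than a hard rule (mobile clients change IP addresses legitimately), so many deployments log the mismatch and require re-authentication instead of silently rejecting the request.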

Microsoft
OWASP
OISSG
