Broken Authentication and Session Management – part Ⅰ

According to OWASP, Broken Authentication and Session Management was defined as: ‘Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities.’ In other words, an attacker can gain unauthorized access to a user's account because of a flaw in the implementation. Before exploiting this vulnerability, you need to know a few concepts:

  1. What is a Session and why do we need a Session
  2. What is a Cookie
  3. What is Authentication


Set up your Penetration Testing Lab

To excel at penetration testing, you need to have your own lab for practice/research. I would suggest using virtual machines, which are free in the market. I would go with VMware Workstation rather than VirtualBox; it’s just my personal option. You can choose any one.

Downloads

1. VMware Workstation
Click here to download VMware Workstation

2. Kali Linux ISO
Click here to download Kali Linux ISO

3. Bee-box
Click here to download bee-box