This category covers issues related to identification and authentication. It remains an integral part of the Top 10, but the increased availability of standardized authentication frameworks appears to be helping.
Broken Authentication is a security risk for applications:
- Allows attackers to compromise keys, passwords, and session tokens.
- Can lead to the exploitation of user identities.
- In the worst case, it can result in complete system control.
Vulnerabilities are due to various factors:
- Poor authentication configuration.
- Logical errors in the authentication mechanism.
- Bugs in the software managing authentication.
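The three causes listed above, shown side by side in an added example (this code is not from the original page or from OWASP; the user names, passwords, the five-attempt limit and the 300-second lockout are constructed values): a `WeakAuth` class that stores clear-text passwords, reveals whether a user name exists, issues sequential session IDs and never limits failed logins, next to a `HardenedAuth` class that salts and hashes with scrypt, compares digests in constant time, behaves the same for unknown users, issues random session tokens and locks an account after repeated failures.

```python
"""Added example, not part of the original page: one login flow written
twice, first with the configuration and logic mistakes A07:2021 describes,
then hardened. Every name, password and limit here is constructed."""
import hashlib
import hmac
import secrets
import time


class WeakAuth:
    """Clear-text passwords, user-name enumeration, predictable session
    IDs, no limit on failed attempts: the failure modes of the category."""

    def __init__(self):
        self._users = {}          # username -> clear-text password
        self._next_session = 1000
        self.sessions = {}        # session id -> username

    def register(self, username, password):
        self._users[username] = password      # configuration error: no hashing

    def login(self, username, password):
        # Logic error: unknown user and wrong password take different paths,
        # so response timing reveals which user names exist.
        if username not in self._users:
            return None
        if self._users[username] == password:
            sid = str(self._next_session)     # bug: guessable session token
            self._next_session += 1
            self.sessions[sid] = username
            return sid
        return None


class HardenedAuth:
    """Salted scrypt hashes, constant-time comparison, identical handling of
    unknown users, random session tokens and a lockout after MAX_FAILURES."""

    MAX_FAILURES = 5           # constructed limit
    LOCKOUT_SECONDS = 300      # constructed lockout window
    _DUMMY_SALT = secrets.token_bytes(16)
    _DUMMY_HASH = hashlib.scrypt(b"", salt=_DUMMY_SALT, n=2**14, r=8, p=1)

    def __init__(self, now=time.time):
        self._users = {}       # username -> (salt, scrypt hash)
        self._failures = {}    # username -> (failed count, locked_until)
        self.sessions = {}     # session token -> username
        self._now = now        # injectable clock so lockout can be tested

    @staticmethod
    def _hash(password, salt):
        return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._hash(password, salt))

    def login(self, username, password):
        count, locked_until = self._failures.get(username, (0, 0.0))
        if self._now() < locked_until:
            return None                       # account locked, do not verify
        # Unknown users get a dummy record so the hash and compare still run,
        # keeping the timing of the failure path the same for every input.
        salt, stored = self._users.get(username, (self._DUMMY_SALT, self._DUMMY_HASH))
        match = hmac.compare_digest(self._hash(password, salt), stored)
        if not (match and username in self._users):
            count += 1
            if count >= self.MAX_FAILURES:
                locked_until = self._now() + self.LOCKOUT_SECONDS
            self._failures[username] = (count, locked_until)
            return None
        self._failures.pop(username, None)    # success clears the counter
        token = secrets.token_urlsafe(32)     # 256 bits from a CSPRNG
        self.sessions[token] = username
        return token


if __name__ == "__main__":
    weak = WeakAuth()
    weak.register("alice", "hunter2")
    print("weak session ids:", weak.login("alice", "hunter2"), weak.login("alice", "hunter2"))
    hard = HardenedAuth()
    hard.register("alice", "correct horse battery staple")
    print("hardened token:", hard.login("alice", "correct horse battery staple"))
```

The dummy-record trick in `HardenedAuth.login` is what removes the user-enumeration logic error: both the "no such user" and the "wrong password" paths perform the same scrypt call and the same comparison before returning `None`.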
| OWASP Top 10 Application Security Risks - 2021 | Reference |
|---|---|
| A07:2021 – Identification and Authentication Failures | OWASP |
A successful attack can allow a malicious actor to gain full access to all web application data, assume administrator rights, and compromise the confidentiality, integrity, and availability of the application.

Francesco Ongaro