Authentication
Authentication is the act of establishing or confirming something (or someone) as authentic or genuine. Authentication depends upon one or more authentication factors. Testing the authentication schema means understanding and visualizing the overall process of how the authentication works, and using that information to find vulnerabilities in the implementation of the authentication mechanism. Compromising the authentication system gives attackers direct entry into the application, exposing it to a variety of further attacks.
The upcoming sections describe a few important tests for authentication.
Credentials over a secure channel
This is indeed a very basic check. Applications must transmit user credentials and all sensitive data strictly over the secured HTTPS protocol. If the application uses plain HTTP to transmit user credentials and data, it is vulnerable to eavesdropping: anyone on the network path can read the traffic. We can quickly check if the website is using HTTP or HTTPS by inspecting the URL bar as shown in the...