Authentication issues
Authentication in a web application plays an important role as it verifies the identity of the user and allows the user to view and interact with only those contents that the user is authorized to access. In a web application, authentication is usually done by a combination of username and password.
Authentication protocols and flaws
Authentication is done in web applications using the following methods:
- Basic authentication
- Digest authentication
- Integrated authentication
- Form-based authentication
Basic authentication
In basic authentication, the username and password is transmitted over the network using the Base64 encoding which is very easy to reverse and acquire the clear text password. The credentials can easily be sniffed by an attacker if the transmission is not done over over a secure channel. These drawbacks should be enough to convince a developer to move over to more secure authentication methods.
Digest authentication
The digest mode authentication was introduced...
