A2: Broken Authentication ❗️ — Top 10 OWASP 2017

What is authentication and session management?

What is broken authentication?

Attack scenarios

  • Man-in-the-middle attacks
  • Credential stuffing / brute force
  • No session timeouts


How can I prevent broken authentication?

  • Strict password policy
  • Encryption
  • No excessive information

Preventive measures
Ivan Novikov

CEO at Wallarm. Application security platform to prevent threats and discover vulnerabilities in real time.