Lecture 6 Broken Authentication / Session Mgmt Flashcards

1
Q

Broken Authentication and Session Management. What is it?

A
  • A vulnerability that allows an attacker to capture credentials or bypass the authentication methods used to protect against unauthorised access.
  • Approximately 23% of all web apps are vulnerable.
  • Currently ranked #2 on the OWASP Top 10.
2
Q

How does the application fail to protect the username, password and session ID?

A
  1. Unencrypted connections to the application.
  2. Predictable login credentials.
  3. Authentication details (username and password) not protected when stored.
  4. Session IDs are used in URLs.
  5. Session values are not timed out or do not get invalidated after logout.
3
Q

To defend against session fixation, assign …..

A

Assign the session cookie immediately after authentication, and also verify that the cookie value is not included in the URL.

4
Q

Active eavesdropping

A

Somebody sets up a fake Wi-Fi router.

5
Q

Passive disclosure

A

Information that is sent from a browser (e.g. as a GET request); the attacker sniffs the network traffic and gains access to that information.

6
Q

Most common authentication scheme

A

The use of a username and password.
