CHAPTER 3
Authentication

We’ll Cover

Access control overview

Authentication fundamentals

Web application authentication

Securing password-based web authentication

Secure web authentication mechanisms

Now that we have the basic security principles under our belt, we can look at the first part of one of the fundamental security controls for web applications: authentication. Authentication is one part of access control, and this chapter takes a close look at it. We’ll discuss how to prove your identity and break down the process of logging in to a web site with a username and password. This will lead us to different types of attacks against passwords. We’ll also talk about when authentication needs to be performed and the best practices for performing it. Finally, we’ll cover the various attacks against authentication systems and how to properly mitigate the threats that these attacks pose.
