Nowadays, Broken Authentication and Session Management attacks are at their peak among attacks on online web applications. This is because security is treated as an add-on or post-development activity. Organizations rely on application scans, firewalls, and penetrate-and-patch for mitigating vulnerabilities. But no matter how strong the firewalls are or how diligent the scanning or patching mechanisms are, if the developers of a web application do not follow secure coding techniques, attackers will gain effortless unauthorized access to the web application through port 80. So, this paper is focused on integrating security during the development of web applications, i.e. in the Software Development Life Cycle (SDLC). How a Broken Authentication and Session Management attack happens is illustrated, and a variety of Broken Authentication and Session Management attack defense mechanisms is implemented.
Published In: IJCAT Journal Volume 2, Issue 5
Date of Publication: May 2015
Pages: 150 - 155
Figures: 8
Tables: --
Publication Link: Combating Broken Authentication and Session Management Attacks
Karandeep Singh: obtained his bachelor's degree, B.Tech. in Computer Science & Engineering, from Punjab Technical University and is currently pursuing a Master's degree, M.Tech. in Software Systems, at Guru Nanak Dev University, Amritsar. His research area includes Software Security.
Sandeep Sharma: received his M.E. degree in Computer Science from TIET, India in 2000 and his B.E. in Computer Engineering from Pune University, India in 1994. His areas of interest are parallel processing, Multistage Interconnection Networks, fault tolerance and load balancing algorithms. He has two journal papers to his credit. He is a member of the IEEE forum committee.
Keywords: Broken Authentication and Session Management attacks; Secure Software Engineering; Vulnerability; Web Application
Relying on the idea of "Secure Software Engineering", this paper focuses on embedding security during the development of web applications, i.e. in the SDLC, to mitigate Broken Authentication and Session Management vulnerabilities. How Broken Authentication and Session Management attacks happen is illustrated. As the coding phase is the focal point where Broken Authentication and Session Management vulnerabilities lie, this paper implements the preventive measures to be taken in the coding phase of a web application. It is recommended to use safe coding practices, complex passwords and proper session ID management to mitigate Broken Authentication and Session Management vulnerabilities.