OAuth Attacks

Authentication and security are tightly linked, so a flaw in authentication is usually severe: it hands an attacker access to sensitive data and functionality.

What is Authentication

It is the process of verifying the identity of a given user. In simple words, it is a way to make sure that users really are who they claim to be when they authenticate.

There are three authentication factors into which different types of authentication can be categorized:

  • Knowledge Factors => Something you know, such as a password or the answer to a security question.

  • Possession Factors => Something you have, such as a mobile phone or a security token.

  • Inherence Factors => Something you are, such as biometrics or behavioural patterns.

Authentication Vs Authorization

Authentication is the process of verifying that a user really is who they claim to be, while Authorization is the process of verifying whether an (already authenticated) user is allowed to do something or not.

You have probably heard people say "you're not authorized to do that", right?

With respect to the Web Context

Authentication determines whether someone attempting to access the site with the username Carlos really is the same person who created the account.

Once Carlos is authenticated, his permissions determine what he is authorized to do: for example, whether he may access personal information about other users or perform actions such as deleting another user's account.

How do authentication vulnerabilities arise

  • The authentication mechanisms are weak because they fail to adequately protect against brute-force attacks (for example, no rate limiting or account lockout on failed logins).

  • Logic flaws or poor coding in the implementation allow the authentication mechanisms to be bypassed entirely by an attacker. This is sometimes referred to as "broken authentication".
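To make the Carlos example concrete, here is an added illustration (not code from this GitBook) of the two separate checks: `authenticate()` verifies identity with a salted, slow password hash and locks the account after repeated failures (the brute-force bullet), while `delete_account()` is a pure authorization decision taken only after authentication succeeded. The user store, the PBKDF2 parameters and the lockout threshold of 5 are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional, Tuple

MAX_FAILED_ATTEMPTS = 5  # assumed lockout threshold (brute-force protection)
PBKDF2_ROUNDS = 100_000  # assumed work factor for the password hash


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; a fresh random salt is drawn when none is given."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class User:
    name: str
    salt: bytes
    pw_hash: bytes
    is_admin: bool = False      # the permission that authorization later consults
    failed_attempts: int = 0    # counter feeding the lockout check


USERS = {}  # constructed in-memory user store, keyed by username


def register(name: str, password: str, is_admin: bool = False) -> None:
    salt, digest = hash_password(password)
    USERS[name] = User(name, salt, digest, is_admin)


def authenticate(name: str, password: str) -> Optional[User]:
    """Authentication: is this really the person who created the account?"""
    user = USERS.get(name)
    if user is None:
        hash_password(password, b"\x00" * 16)  # spend equal time so unknown names are not revealed by timing
        return None
    if user.failed_attempts >= MAX_FAILED_ATTEMPTS:
        return None  # locked out: even the correct password is refused now
    _, candidate = hash_password(password, user.salt)
    if not hmac.compare_digest(candidate, user.pw_hash):
        user.failed_attempts += 1
        return None
    user.failed_attempts = 0
    return user


def delete_account(actor: User, target_name: str) -> bool:
    """Authorization: may this already-authenticated user delete the target account?"""
    if actor.name != target_name and not actor.is_admin:
        return False  # Carlos is authenticated, but not authorized to delete others
    USERS.pop(target_name, None)
    return True
```

Both checks are deliberately separate functions: a server that only calls `authenticate()` before `delete_account()` would still be vulnerable to the horizontal privilege escalation described elsewhere in this GitBook.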
