SG
Uploaded bySalma Gouia
PPTX, PDF212 views

Poor authorization and authentication

Poor authorization and authentication on mobile applications can allow unauthorized access. It occurs when things like long session timeouts, weak passwords, or hidden logout buttons are present. This exposes applications to technical impacts like being unable to identify users and business impacts like reputational damage from fraud or theft. Developers can detect these issues by testing account lockout policies, password strength, and attempting to bypass authentication. Prevention includes assuming client-side controls may be bypassed, enforcing authentication on the server-side, using persistent and device-specific authentication, and not allowing short or spoofable authentication values.

Embed presentation

Download to read offline
Poor Authorization and Authentication Bouzidi Nayrouz Gouia Salma Zarrouk Asma
Plan 1 2 3 4 Introduction What is Poor Authorization and Authentication? How can you detect Poor Authorization and Authentication ? How can you prevent Poor Authorization and Authentication attacks ? 5 Conclusion 2
Introduction 3
Mobile security is at the top of every company's worry list these days ,and for good reason : Nearly all workers now routinely access corporate data from smartphones, and that means keeping sensitive info out of the wrong hands is an increasingly intricate puzzle . Furthermore, As smartphones and tablets become constant companions, hackers are looking for all avenues available to enter them that’s why today we are going to talk about one of the risks that can attack mobile application , poor authentication and authorization 4
What is Poor Authorization and Authentication? 5
What is it ? - Hidden Logout button - No password complexity specially on mobile - Long session time out - No account lock out - Authorization flags or based on the local storage 6
Impacts of Poor Authorization and Authentication? Technical Impact unable to identify the user performing an action request Business Impact reputational Damage, fraud, or information theft 7
How can you detect Poor Authorization and Authentication ? 8
Test account lockout policy Test strong password policy Try to bypass authentication 9
How can you prevent Poor Authorization and Authentication attacks ? 10
Assume that client- side authorization and authentication controls can be bypassed Authentifications must be re-enforced on the server-side whenever possible. Persistent authentication Device-specific authentication. Do not use any spoof-able values for authenticating a user. Do not allow users to provide 4-digit PIN numbers Mitigations 11
Conclusion 12
13 Authentication and Authorization are very important for securing resources and limiting access. The lack of security in this field have emerged as major issues which threaten to hinder progress.
Thank you

More Related Content

PPTX
Security Awareness Training.pptx
byMohammedYaseen638128
 
PPTX
Secure Coding 101 - OWASP University of Ottawa Workshop
byPaul Ionescu
 
PPTX
Cyber Security Fundamentals
byApurv Singh Gautam
 
PPT
Security and personnel bp11521
byMerlin Florrence
 
PPTX
CISSP - Chapter 3 - Cryptography
byKarthikeyan Dhayalan
 
PDF
Soc analyst course content
byShivamSharma909
 
PPTX
Penetration testing in wireless network
byHadi Fadlallah
 
PDF
IP Security
byAmbo University
 
Security Awareness Training.pptx
byMohammedYaseen638128
 
Secure Coding 101 - OWASP University of Ottawa Workshop
byPaul Ionescu
 
Cyber Security Fundamentals
byApurv Singh Gautam
 
Security and personnel bp11521
byMerlin Florrence
 
CISSP - Chapter 3 - Cryptography
byKarthikeyan Dhayalan
 
Soc analyst course content
byShivamSharma909
 
Penetration testing in wireless network
byHadi Fadlallah
 
IP Security
byAmbo University
 

What's hot

PDF
CNS - Unit - 2 - Stream Ciphers and Block Ciphers
byGyanmanjari Institute Of Technology
 
ODP
Des
byAnshul Sharma
 
PDF
Cybersecurity tips for employees
byPriscila Bernardes
 
PPTX
Security Operations Center Analyst Presentation
bykundansaraf1
 
PDF
End-User Security Awareness
bySurya Bathulapalli
 
PPTX
Logging, monitoring and auditing
byPiyush Jain
 
PPTX
Implementing cybersecurity best practices and new technology ppt (1).pptx
bydamilolasunmola
 
PDF
Comprehensive plans are in place to improve our institutional cyber security
byJasonTrinhNguyenTruo
 
PDF
OWASP Mobile Top 10
byNowSecure
 
PPTX
Email_Security Gateway.pptx
byssuser651fd4
 
PPTX
The Dark Web : Hidden Services
byAnshu Singh
 
PPTX
Insider threat kill chain
byTarun Gupta,CRISC CISSP CISM CISA BCCE
 
PPT
Protecting web aplications with machine learning and security fabric
byDATA SECURITY SOLUTIONS
 
PPTX
Introduction to information security
byjayashri kolekar
 
PPTX
Fortify On Demand and ShadowLabs
byjasonhaddix
 
PPTX
ISO 27001 - Information security user awareness training presentation - part 3
byTanmay Shinde
 
PPTX
Security awareness
byJosh Chandler
 
PPTX
Cyber security power point templates
byRaul Flores
 
PPTX
Cyber attacks and IT security management in 2025
byRadar Cyber Security
 
PPTX
Intrusion detection system
byAAKASH S
 
CNS - Unit - 2 - Stream Ciphers and Block Ciphers
byGyanmanjari Institute Of Technology
 
Des
byAnshul Sharma
 
Cybersecurity tips for employees
byPriscila Bernardes
 
Security Operations Center Analyst Presentation
bykundansaraf1
 
End-User Security Awareness
bySurya Bathulapalli
 
Logging, monitoring and auditing
byPiyush Jain
 
Implementing cybersecurity best practices and new technology ppt (1).pptx
bydamilolasunmola
 
Comprehensive plans are in place to improve our institutional cyber security
byJasonTrinhNguyenTruo
 
OWASP Mobile Top 10
byNowSecure
 
Email_Security Gateway.pptx
byssuser651fd4
 
The Dark Web : Hidden Services
byAnshu Singh
 
Insider threat kill chain
byTarun Gupta,CRISC CISSP CISM CISA BCCE
 
Protecting web aplications with machine learning and security fabric
byDATA SECURITY SOLUTIONS
 
Introduction to information security
byjayashri kolekar
 
Fortify On Demand and ShadowLabs
byjasonhaddix
 
ISO 27001 - Information security user awareness training presentation - part 3
byTanmay Shinde
 
Security awareness
byJosh Chandler
 
Cyber security power point templates
byRaul Flores
 
Cyber attacks and IT security management in 2025
byRadar Cyber Security
 
Intrusion detection system
byAAKASH S
 

Recently uploaded

PDF
Are AI Hallucinations Getting Better or Worse? We Analyzed the Data.
byScott M. Graffius
 
PDF
6 Insights from the Patron Saint of AI Failure
byScott M. Graffius
 
PDF
How Automation Powers Data Quality and Governance at Scale
bySafe Software
 
PPTX
Full course that Prymehat uploads for you
byOhenebaManu1
 
PPTX
Webinar: EVerest for Production: Accelerating EV Charger Development w/ Indus...
byDanBrown980551
 
PDF
Presentation on Four Stroke Engine of Ic engine
bySonam Sherpa
 
PDF
AI Data Analyst: Smarter Insights for Modern Real Estate Decisions
byLeni Analyst
 
PDF
SAP WalkMe Overview.pdf SAP WalkMe Overview.pdf
byMurniatiSimbolon2
 
PPTX
Lecture 05. API Security for DevSecOps Eng.pptx
byvinocol222
 
PDF
January Patch Tuesday
byIvanti
 
PDF
Intro to CrafterQ - AI Agent Platform for the Enterprise.pdf
byCrafterQ
 
PDF
UiPath Coded Agents - A Developer Driven Agentic Automation Era
byUiPathCommunity
 
PPTX
Oracle SCM Cloud Solutions for Smart Supply Chain Management
byChetu
 
PDF
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
PDF
65 AI-related Posts Catalog https://tinyurl.com/mpavkr8z
byBob Marcus
 
PPTX
Building Real-Time Voice AI — Udaiappa Ramachandran
byUdaiappa Ramachandran
 
PDF
Purple Team - Active Directory and AzureAD v1
byVICTOR MAESTRE RAMIREZ
 
PPTX
Basics-of-Electronics-and-Core-Components-of-IoT-Systems.pptx
byMuhammedNihal54
 
PPTX
Flutter & Firebase Session Slides - GDG VESIT
bygdgcodecellcmpn
 
PPTX
Visual Foxpro-VFP9-Access-Report-Variable-Outside-the-report.pptx
bymanojbkalla
 
Are AI Hallucinations Getting Better or Worse? We Analyzed the Data.
byScott M. Graffius
 
6 Insights from the Patron Saint of AI Failure
byScott M. Graffius
 
How Automation Powers Data Quality and Governance at Scale
bySafe Software
 
Full course that Prymehat uploads for you
byOhenebaManu1
 
Webinar: EVerest for Production: Accelerating EV Charger Development w/ Indus...
byDanBrown980551
 
Presentation on Four Stroke Engine of Ic engine
bySonam Sherpa
 
AI Data Analyst: Smarter Insights for Modern Real Estate Decisions
byLeni Analyst
 
SAP WalkMe Overview.pdf SAP WalkMe Overview.pdf
byMurniatiSimbolon2
 
Lecture 05. API Security for DevSecOps Eng.pptx
byvinocol222
 
January Patch Tuesday
byIvanti
 
Intro to CrafterQ - AI Agent Platform for the Enterprise.pdf
byCrafterQ
 
UiPath Coded Agents - A Developer Driven Agentic Automation Era
byUiPathCommunity
 
Oracle SCM Cloud Solutions for Smart Supply Chain Management
byChetu
 
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
65 AI-related Posts Catalog https://tinyurl.com/mpavkr8z
byBob Marcus
 
Building Real-Time Voice AI — Udaiappa Ramachandran
byUdaiappa Ramachandran
 
Purple Team - Active Directory and AzureAD v1
byVICTOR MAESTRE RAMIREZ
 
Basics-of-Electronics-and-Core-Components-of-IoT-Systems.pptx
byMuhammedNihal54
 
Flutter & Firebase Session Slides - GDG VESIT
bygdgcodecellcmpn
 
Visual Foxpro-VFP9-Access-Report-Variable-Outside-the-report.pptx
bymanojbkalla
 

Poor authorization and authentication

  • 1.
    Poor Authorization and Authentication BouzidiNayrouz Gouia Salma Zarrouk Asma
  • 2.
    Plan 1 2 3 4 Introduction What is PoorAuthorization and Authentication? How can you detect Poor Authorization and Authentication ? How can you prevent Poor Authorization and Authentication attacks ? 5 Conclusion 2
  • 3.
  • 4.
    Mobile security isat the top of every company's worry list these days ,and for good reason : Nearly all workers now routinely access corporate data from smartphones, and that means keeping sensitive info out of the wrong hands is an increasingly intricate puzzle . Furthermore, As smartphones and tablets become constant companions, hackers are looking for all avenues available to enter them that’s why today we are going to talk about one of the risks that can attack mobile application , poor authentication and authorization 4
  • 5.
  • 6.
    What is it? - Hidden Logout button - No password complexity specially on mobile - Long session time out - No account lock out - Authorization flags or based on the local storage 6
  • 7.
    Impacts of PoorAuthorization and Authentication? Technical Impact unable to identify the user performing an action request Business Impact reputational Damage, fraud, or information theft 7
  • 8.
    How can you detectPoor Authorization and Authentication ? 8
  • 9.
    Test account lockout policy Teststrong password policy Try to bypass authentication 9
  • 10.
    How can you preventPoor Authorization and Authentication attacks ? 10
  • 11.
    Assume that client- sideauthorization and authentication controls can be bypassed Authentifications must be re-enforced on the server-side whenever possible. Persistent authentication Device-specific authentication. Do not use any spoof-able values for authenticating a user. Do not allow users to provide 4-digit PIN numbers Mitigations 11
  • 12.
  • 13.
    13 Authentication and Authorizationare very important for securing resources and limiting access. The lack of security in this field have emerged as major issues which threaten to hinder progress.
  • 14.