1
00:00:00,060 --> 00:00:07,560
Hello everyone, so let us continue to the second vulnerability in OWASP, and the second vulnerability in OWASP

2
00:00:07,680 --> 00:00:17,970
2017 is broken authentication. So when any application functionality is broken or weak and any attacker

3
00:00:18,090 --> 00:00:26,550
is able to bypass the authentication using session token flaws, brute forcing the application, no rate limiting

4
00:00:26,820 --> 00:00:34,350
or password compromise using response manipulation, or any other flaws which give an attacker temporary

5
00:00:34,470 --> 00:00:43,080
or permanent access to the user's identity, it is known as broken authentication. What type of vulnerabilities

6
00:00:43,080 --> 00:00:50,520
lie under broken authentication?
Vulnerabilities like OTP bypass, captcha bypass, common passwords

7
00:00:50,530 --> 00:01:00,870
brute force, no rate limit or two-factor authentication bypass. Why does broken authentication happen?
A manipulated

8
00:01:00,960 --> 00:01:09,600
response is interpreted by the application. When any application takes decisions based on the

9
00:01:09,600 --> 00:01:17,360
manipulated response, then it becomes a vulnerability. When the application does not have a rate limit, there

10
00:01:17,360 --> 00:01:20,200
is no rate limit on the application.

11
00:01:20,540 --> 00:01:28,190
The lack of session management: if any application is having improper session management, then also broken

12
00:01:28,340 --> 00:01:30,510
authentication can occur.

13
00:01:31,970 --> 00:01:35,080
So what can be achieved by broken authentication?

14
00:01:35,210 --> 00:01:43,370
Temporary access to a user's account can be achieved; permanent access to any user's account can be achieved.

15
00:01:43,370 --> 00:01:51,490
An attacker can modify and alter any user's details; accounts can be used for malicious purposes

16
00:01:51,840 --> 00:01:54,230
to conduct attacks further on.

17
00:01:54,250 --> 00:02:01,960
So basically any attacker can do a temporary or permanent account takeover and modify details like

18
00:02:02,260 --> 00:02:08,550
email ID, password and other crucial and vital details in the account.

19
00:02:08,910 --> 00:02:12,960
So how do we fix broken authentication issues?

20
00:02:13,020 --> 00:02:21,270
The first thing: usage of strong authentication like JWT tokens, SAML or open authorization can

21
00:02:21,270 --> 00:02:27,420
be used. Do not allow default or weak credentials.

22
00:02:27,750 --> 00:02:34,530
Escaping is the primary means to make sure that untrusted data can't be used to convey an injection attack.

23
00:02:34,530 --> 00:02:40,040
OK, so you can also use a rate limit.

24
00:02:40,320 --> 00:02:48,450
Also, usage of server-side secure session management that generates high-entropy secured sessions can

25
00:02:48,450 --> 00:02:52,730
also be used to fix broken authentication types of issues.

26
00:02:55,160 --> 00:02:55,580
Thank you.