Broken Authentication

Hi, in this tutorial on the Extreme Vulnerable Node Application (XVNA) we show the Broken Authentication vulnerability: we could access the application without having any credentials and could also use its REST calls without any authentication. This is a huge vulnerability in XVNA.


We could crack the application in the following manner; see the video for more details.

The Extreme Vulnerable Node Application is available on GitHub at https://github.com/vegabird/xvna, and you can download it and test it on your localhost.

Prevention:

To prevent Broken Authentication, we need to check the user's authentication on each and every page visit and need to maintain a session for it.
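One way to implement this per-request check in plain Node.js, covering pages and REST calls alike. This is an added example, not XVNA's code; the `sid` cookie name, the `/login` path, the in-memory store and the 15-minute timeout are assumptions.

```javascript
const crypto = require("crypto");

const SESSION_TTL_MS = 15 * 60 * 1000;      // idle timeout (assumed value)
const PUBLIC_PATHS = new Set(["/login"]);   // everything else needs a session
const sessions = new Map();                 // sessionId -> { user, expires }

// Issue an unguessable session id once credentials have been verified.
function createSession(user, now = Date.now()) {
  const id = crypto.randomBytes(32).toString("hex");
  sessions.set(id, { user, expires: now + SESSION_TTL_MS });
  return id;
}

// Extract the "sid" cookie from a raw Cookie header.
function readSessionId(cookieHeader = "") {
  for (const part of cookieHeader.split(";")) {
    const [name, ...rest] = part.trim().split("=");
    if (name === "sid") return rest.join("=");
  }
  return null;
}

// Gate run for every request; denies by default.
// Returns { status, user }: 200 only for a public path or a live session.
function authenticate(req, now = Date.now()) {
  const path = req.url.split("?")[0];
  if (PUBLIC_PATHS.has(path)) return { status: 200, user: null };
  const id = readSessionId(req.headers.cookie);
  const session = id ? sessions.get(id) : undefined;
  if (!session) return { status: 401, user: null };
  if (session.expires <= now) {
    sessions.delete(id);                    // expired: drop it server-side
    return { status: 401, user: null };
  }
  session.expires = now + SESSION_TTL_MS;   // sliding expiry
  return { status: 200, user: session.user };
}

// Logout invalidates the session on the server, not just the cookie.
function destroySession(id) {
  return sessions.delete(id);
}

// Wire-up for http.createServer(handle): the gate runs before any route logic.
function handle(req, res) {
  const { status, user } = authenticate(req);
  if (status !== 200) { res.writeHead(401); res.end("login required"); return; }
  res.end(`hello ${user ?? "guest"}`);
}
```

When the login route sets the cookie, it should carry the `HttpOnly`, `Secure` and `SameSite` attributes so the session id is not readable by page scripts or sent over plain HTTP.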

