[WEB SECURITY] Broken Authentication and Failure to restrict URL access

Prasad Shenoy prasad.shenoy at gmail.com
Wed Jun 6 14:01:39 EDT 2012


Are you reading OWASP Top 10 2007? Just curious since you list the index
numbers for these topics that do not match the 2010 list.

Anyways, in simple terms,

A3 Broken Authentication and Session Mgmt - Authentication exists but can
be easily circumvented to gain access to a protected resource
A8 Failure to Restrict URL Access - No Authentication present, anonymous
users can gain access to the resources w/o being challenged.

Please refer to the most updated list.

[ ~ Prasad |  @prasadshenoy  ~]



On Wed, Jun 6, 2012 at 3:47 AM, dhirajsmahajan at gmail.com <
dhirajsmahajan at gmail.com> wrote:

> Hi,
>
> Confused between Broken Authentication (OWASP A2) and Failure to restrict
> URL access (OWASP A7)?
>
> Can anyone tell me actually what is the difference between them?
>
> --
> Thanks & Regards,
>
> Dhiraj S Mahajan,
> Information Security Analyst,
>
>
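To make the distinction in the reply above concrete, here is an added example (not code from either poster) modelled on a toy request router. The user table, the /admin/users path and the two login routines are all constructed for illustration. The A8 case is a protected page that simply never checks who is asking, so an anonymous request gets a 200; the A3 case has a proper server-side check on the URL, but the session ids issued at login are sequential, so a logged-in low-privilege user can guess the administrator's id and walk through the check anyway. The hardened variant keeps the URL check and issues random session ids.

```python
import secrets
from dataclasses import dataclass, field

# Constructed user table for the example; a real app would store password hashes.
USERS = {"alice": "correct horse", "admin": "hunter2"}


@dataclass
class App:
    """Toy router that tracks issued sessions (session id -> username)."""
    sessions: dict = field(default_factory=dict)
    counter: int = 0

    # ---- A3: Broken Authentication and Session Management ---------------
    def login_weak(self, username, password):
        """Authentication exists, but session ids are a running integer,
        so any user can guess another user's id (A3)."""
        if USERS.get(username) != password:
            return None
        self.counter += 1
        sid = str(self.counter)
        self.sessions[sid] = username
        return sid

    def login_fixed(self, username, password):
        """Same password check, but a 256-bit random session id."""
        if USERS.get(username) != password:
            return None
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = username
        return sid

    # ---- A8: Failure to Restrict URL Access -----------------------------
    def handle_weak(self, path, sid=None):
        """The admin page is only hidden from the menu; the server never
        checks the session at all (A8)."""
        if path == "/admin/users":
            return 200, sorted(USERS)
        return 404, None

    def handle_fixed(self, path, sid=None):
        """Every protected path is checked server-side against the store."""
        user = self.sessions.get(sid)
        if path == "/admin/users":
            if user is None:
                return 401, None       # not authenticated
            if user != "admin":
                return 403, None       # authenticated, not authorised
            return 200, sorted(USERS)
        return 404, None


def demo_a8():
    """Anonymous forced browsing to /admin/users on the unchecked handler."""
    app = App()
    status, _ = app.handle_weak("/admin/users")   # no session at all
    return status                                  # 200


def demo_a3():
    """URL check is present, but alice guesses the admin's session id."""
    app = App()
    app.login_weak("admin", "hunter2")                     # admin gets sid "1"
    alice_sid = app.login_weak("alice", "correct horse")   # alice gets sid "2"
    guessed = str(int(alice_sid) - 1)                      # the id issued just before hers
    status, _ = app.handle_fixed("/admin/users", guessed)
    return status                                          # 200


def demo_fixed():
    """Hardened login plus checked URL: anonymous -> 401, alice -> 403."""
    app = App()
    app.login_fixed("admin", "hunter2")
    alice_sid = app.login_fixed("alice", "correct horse")
    anon_status, _ = app.handle_fixed("/admin/users")
    alice_status, _ = app.handle_fixed("/admin/users", alice_sid)
    return anon_status, alice_status


if __name__ == "__main__":
    print("A8 anonymous forced browsing:", demo_a8())
    print("A3 guessed session id:", demo_a3())
    print("hardened (anon, alice):", demo_fixed())
```

The point of running demo_a3 against handle_fixed rather than handle_weak is that the two categories are independent: you can have the URL check right and still lose to A3, and you can have perfect session handling and still lose to A8 if a route never consults the session.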