Auditing Web Site Authentication, Part Two

by Mark Burnett
Sept. 24, 2017 1 comment Symantec Pen Testing & Audits website

Inadequate user security is a problem that Web developers must address. Perhaps the cause is a lack of standards. Perhaps it is a lack of auditing. This is the second part of an article addressing both of those issues by establishing a standard audit procedure by which to measure your own security. Test this list of questions against your own Web site's authentication scheme and see how it stands. The first article focused on issues surrounding usernames and passwords. This article will explore issues surrounding user privacy, session authentication, user security, and cookies.

2flash 7 months, 3 weeks ago

I think that the author wrote Part One with a bit more care than this one. I am not saying it is bad, but it could use a bit more detailed writing.