{"id":637,"date":"2009-11-26T11:12:53","date_gmt":"2009-11-26T17:12:53","guid":{"rendered":"https:\/\/webhostinggeeks.com\/blog\/?p=637"},"modified":"2016-04-10T17:26:56","modified_gmt":"2016-04-10T21:26:56","slug":"authentication-hacking-is-your-site-vulnerable","status":"publish","type":"post","link":"https:\/\/webhostinggeeks.com\/blog\/authentication-hacking-is-your-site-vulnerable\/","title":{"rendered":"Authentication Hacking: Is Your Site Vulnerable?"},"content":{"rendered":"<p>Authentication plays an important part in securing a website and its applications.\u00a0 It works by authenticating and verifying a user\u2019s identity and then either denying or providing them with specific privileges to a system based on the username and password they enter against the established credentials.\u00a0 Though it adds an extra layer of protection, authentication is quite vulnerable to exploitation.\u00a0 In most cases, this type of attack does not originate from a security hole in the web server or operating system software.\u00a0 It actually targets <a href=\"https:\/\/webhostinggeeks.com\/tools\/passwordgenerator\/\">weak passwords<\/a> and vulnerable areas of the network itself.<\/p>\n<p>By successfully hacking the authentication session, an attacker can log into the system as a known and valid user, which provides them with whatever privileges the victimized user has been assigned by the administrator.\u00a0 This means that the intruder could only have access to certain information, or global access across the entire system, the latter of which could possibly give them control of the application or website itself.\u00a0 At this point, the attacker can stir up a lot of trouble.<\/p>\n<p><strong>Tools of the Trade <\/strong><\/p>\n<p>Most attackers attempt to gain access via the application\u2019s login screen that requests a username and password to enter the system.\u00a0 This calls for them to match the correct login credentials that application recognizes as valid and hopefully has the highest level of privileges in the system.\u00a0 While this is not the most sophisticated attack, password cracking can prove to be one of the most effective methods a hacker uses to cripple an authentication scheme.\u00a0 This common technique can be executed manually or automatically with special software, which makes guessing the password much easier.<\/p>\n<p>If the attacker has no success at password guessing, their next step usually involves automated tools such as Brutus and WebCracker, which unfortunately, are widely available on the web.\u00a0 These custom applications are designed to defeat authentication and penetrate the target system using a list of predefined usernames and passwords.\u00a0 However, they are best known for employing dictionary attacks and brute force.\u00a0 Hence the name, a dictionary attack utilizes a pre-formulated list of common words in a dictionary to compromise web applications, trying thousands of combinations to determine the correct username and password.\u00a0 Brute force is a technique used to break a cryptographic scheme by consistently trying a large number and\u00a0 sometimes all, possible keys to decrypt an encrypted password.\u00a0 Both have proven to be very effective at guessing weak passwords and bypassing authentication.<\/p>\n<p><strong>Prevention and Protection<\/strong><\/p>\n<p>Stopping an authentication attack can be very difficult.\u00a0 Especially when factoring in all the sophisticated hacking techniques and tools on the black market.\u00a0 Fortunately, there is a way to test the strength and overall effectiveness of your authentication methods.\u00a0 One of the most reliable is authentication testing, a feature commonly found in web vulnerability scanners.\u00a0 These applications are generally easy to use and configure for automatically testing all the applications within your site that require authentication.\u00a0 Furthermore, most also scan for other common exploits such as SQL injection, cross site scripting and cross site forgery.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Authentication plays an important part in securing a website and its applications.\u00a0 It works by authenticating and verifying a user\u2019s identity and then either denying or providing them with specific&#8230;<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wds_primary_category":0,"footnotes":""},"categories":[9],"tags":[1367,1369,274,1364,321,1366,102,271,1368],"class_list":["post-637","post","type-post","status-publish","format-standard","hentry","category-security-issues","tag-brutus","tag-cross-site-forgery","tag-cross-site-scripting","tag-exploitation","tag-hackers","tag-login-credentials","tag-security","tag-sql-injection","tag-webcracker"],"views":167,"_links":{"self":[{"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/posts\/637","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/comments?post=637"}],"version-history":[{"count":0,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/posts\/637\/revisions"}],"wp:attachment":[{"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/media?parent=637"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/categories?post=637"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/tags?post=637"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}