Examine how your application authenticates its callers, where it uses authentication, and how it ensures that credentials remain secure while in storage and when passed over the network. Vulnerabilities in authentication can make your application susceptible to spoofing attacks, dictionary attacks, session hijacking, and other attacks. Table 5-2 highlights the most common authentication vulnerabilities.
Table 5-2. Common Authentication Vulnerabilities
The risk of password cracking and dictionary attacks increase.
Clear text credentials in configuration files
Insiders who can access the server or attackers who exploit a host vulnerability to download the configuration file have immediate access ...