Authentication and Security Risks
This presentation is part of the Authentication Overview Self-Study Course.
Transcript
I want to focus on two very common attacks that we have run across in the past.
Replay Attack
A replay attack is carried out by an attacker who is either the originator of the request himself, reusing a request he already made, or a third party who has managed to intercept the link between the application that authenticates the user and the application server hosting PegaRULES.
In a replay attack the adversary records the authentication data and plays it back at a later time to gain access to the system. Hardening the link between the two systems, for example by connecting them through a private network interface, makes interception harder, but it does nothing against the original requester reusing his own request. The reliable countermeasure is the security token we discussed earlier: the token must be bound to a short validity window and to a nonce that the server accepts only once, so that a recorded request is rejected as expired or already used when it is played back.
Cross Site Scripting Attack
In this exploit, a hacker injects a malicious script into the URL parameters, and when the application echoes that parameter into a page, the script executes in the end user's browser in the context of our application. It runs with whatever the end user is allowed to do in the application: it can read the page, act on the user's session, steal cookies, or mount so-called phishing attacks by rewriting the page to collect credentials. Filtering suspicious characters such as angle brackets (<>) out of the input parameters stops the simplest payloads, but it is not a complete fix, because a value placed inside an HTML attribute or a link needs no angle brackets at all. The reliable prevention is to encode every parameter for the context it is written into when you display it, and to validate values such as return URLs against what you expect. Above all, avoid displaying the content of URL parameters when you display an authentication failure. When you "display" the unfiltered URL parameter, you cause the possibly malicious script to execute.
It is also best practice from a security standpoint not to display the parameters that caused the failure, as this may give the hacker clues about how to get into the system more quickly. Keep that detail in the server log, where you can investigate it, and show the user a generic message.
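The vulnerable and the hardened way of building an authentication-failure page from a URL parameter, as an added example that is not code from the course or from PegaRULES. It goes slightly beyond the transcript by showing why stripping angle brackets is not enough in a link context, and by adding the same-origin check a return URL needs. The function names, the page markup and the APP_ORIGIN value are assumptions for this illustration.

```javascript
// Added example (not part of the course or of PegaRULES): rendering an
// authentication-failure page from a URL parameter. Function names, markup
// and APP_ORIGIN are assumptions for this illustration.

// 1. Vulnerable: the parameter is written straight into the page, so a value
//    such as <script>...</script> executes in the user's browser.
function renderFailureUnsafe(returnUrl) {
  return `<p>Login failed for return URL: ${returnUrl}</p>`;
}

// 2. The "filter angle brackets" fix from the transcript. It stops the
//    payload above but is blind to the context the value lands in.
function stripAngleBrackets(s) {
  return String(s).replace(/[<>]/g, "");
}

function renderLinkFiltered(returnUrl) {
  // Attribute context: neither '" onmouseover="alert(1)' nor
  // 'javascript:alert(1)' contains an angle bracket, so both pass the filter.
  return `<a href="${stripAngleBrackets(returnUrl)}">Back</a>`;
}

// 3. Hardened: encode for the HTML text/attribute context instead of
//    filtering, so whatever the value is, it is displayed literally.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function renderFailureEncoded(returnUrl) {
  return `<p>Login failed for return URL: ${escapeHtml(returnUrl)}</p>`;
}

// 4. For a value that becomes an href, encoding alone is not enough: the
//    browser would still follow javascript: or an off-site URL. Parse it
//    against the application's (assumed) origin and keep only same-origin
//    paths; anything else falls back to "/".
const APP_ORIGIN = "https://app.example";

function safeReturnPath(candidate) {
  let u;
  try {
    u = new URL(String(candidate), APP_ORIGIN);
  } catch {
    return "/";
  }
  if (u.origin !== APP_ORIGIN) return "/"; // rejects javascript:, data:, other hosts
  return u.pathname + u.search + u.hash;
}

function renderLinkSafe(returnUrl) {
  return `<a href="${escapeHtml(safeReturnPath(returnUrl))}">Back</a>`;
}

// 5. What the transcript recommends for the failure message itself: do not
//    echo the parameter at all; keep it in the server-side log instead.
function renderFailureGeneric(returnUrl, auditLog) {
  auditLog.push({ event: "auth_failure", returnUrl: String(returnUrl) });
  return "<p>Login failed. Please check your credentials and try again.</p>";
}
```

Step 2 is the part worth trying against real input: renderLinkFiltered('" onmouseover="alert(1)') produces a link with an injected event handler, and renderLinkFiltered("javascript:alert(1)") produces a link that runs script on click, even though neither input contains an angle bracket. Step 5 is the cheapest and safest option for the failure page, since nothing attacker-controlled reaches the browser.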