Article title

Protecting web applications from authentication attacks

Identifiers
Title variants
Publication languages
EN
Abstracts
EN
This paper explores the critical domain of safeguarding web-based applications against authentication attacks, recognizing the persistent challenges posed by evolving cyber threats. The project delineates the distinct objectives of such attacks, including data theft, identity theft, and service disruption, underlining their potential far-reaching implications, such as the compromise of sensitive corporate data and the execution of unauthorized administrative operations. It underscores the pivotal role of user awareness and education as the ultimate defense against authentication-related breaches. Robust security measures, encompassing the use of strong, intricate passwords, encrypted network communication, two-factor authentication, and the regulation of failed login attempts, are emphasized as essential safeguards. Additionally, the project underscores the significance of maintaining system components through regular updates and conducting comprehensive security audits. A holistic approach, integrating technical and human factors, underscores user awareness and ongoing training as indispensable elements in the endeavor to enhance security in an increasingly digital landscape. "Protecting Web Applications from Authentication Attacks" aims to equip its readers with a comprehensive understanding of authentication system security and offers practical directives for bolstering defense mechanisms in a professional and formal context.
Year
Volume
Pages
26--42
Physical description
Bibliography: 18 items, figures.
Authors
  • University of Information Technology and Management, Poland
author
  • University of Information Technology and Management, Poland
  • Rzeszow University of Technology
Bibliography
  • [1] Li, Y., & Liu, Q. (2021). A comprehensive review study of cyber-attacks and cyber security; Emerging trends and recent developments. Energy Reports, 7, 8176–8186. doi: 10.1016/j.egyr.2021.08.126
  • [2] Usmonov, M. (2021). Identification and Authentication.
  • [3] Khan, H. (2013). Comparative Study of Authentication Techniques.
  • [4] Erickson, J. (2010). Hacking: the art of exploitation
  • [5] Hadnagy C. & Wilson P. A. (2011). Social engineering : the art of human hacking. Wiley.
  • [6] Bezpieczne Dane, bezpiecznedane.gov.pl
  • [7] Stallings, W. (2016). Network Security Essentials. Pearson
  • [8] https://doi.org/10.6028/NIST.SP.800-63-3
  • [9] https://www.security.org/how-secure-is-my-password/
  • [10] Anderson, R. J. (2021). Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley John + Sons.
  • [11] Stallings, W. (2016). Cryptography and Network Security: Principles and Practice. Pearson.
  • [12] Smith, R. E. (2001). Authentication: From Passwords to Public Keys. Addison-Wesley Professional.
  • [13] Stutz, D., Pinto, M., et al. (2011). The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws. Wiley.
  • [14] Cross-Site Request Forgery Prevention Cheat Sheet, OWASP Cheat Sheet Series, https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html
  • [15] Kim, G., Humble, J., Debois, P., & Willis, J. (2016). The DevOps Handbook: How to Create World-Class Agility, Reliability, & Security in Technology Organizations. IT Revolution Press.
  • [16] Compile OpenVAS 7 on CentOS 6, Github, https://elatov.github.io/2014/06/compile-openvas-7-on-centos-6/
  • [17] Maher Alsharif, M. A., Shailendra Mishra. (2022). Impact of Human Vulnerabilities on Cybersecurity. Computer Systems Science and Engineering, 40(3), 1153–1166. doi:10.32604/csse.2022.019938
  • [18] Bezpieczeństwo API REST – szkolenie, Securitum - bezpieczeństwo systemów IT, https://securitum.pl/szkolenia/bezpieczenstwo-api-rest-szkolenie/
Notes
Record prepared with funds from MEiN, agreement no. SONP/SP/546092/2022, under the programme "Społeczna odpowiedzialność nauki", module: Popularisation of science and promotion of sport (2022-2023).
Document type
Bibliography
YADDA identifier
bwmeta1.element.baztech-382be78e-deac-4b99-882f-e23eaa100766