DevShed continues their series focusing on the security of your web application in this fifth part of the series. This time they look at preventing attacks on your app via correct authentication.
You will probably recall from the last article that I mentioned the existence of two methods of authentication and discussed the first one, which is through an HTML form. In this article, the fifth one in an eight-part series, we'll start with the second method of authentication. We'll also discuss how attackers may gain access to your system.
This authentication method uses a simple form to let the user pass in their credentials. Unfortunately, because of its simplicity, this also opens it up to three kinds of attacks - password sniffing, reply attacks and brute force attacks.