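@article{aljoaey2021broken,
  author        = {Aljoaey, Hanan and Almutawa, Khawla and Alabdali, Ruyuf and M.Ibrahim, Dina},
  title         = {{Broken Authentication} and {Session Management} Vulnerabilities},
  journal       = {The {ISC} International Journal of Information Security},
  volume        = {13},
  number        = {3},
  pages         = {11--19},
  year          = {2021},
  publisher     = {Iranian Society of Cryptology},
  issn          = {2008-2045},
  eissn         = {2008-3076},
  doi           = {10.22042/isecure.2021.0.0.0},
  url           = {https://www.isecure-journal.com/article_150521.html},
  eprint        = {https://www.isecure-journal.com/article_150521_d37656d499dfb64032c217e98da784bc.pdf},
  keywords      = {Broken Authentication, Session Management, Credential Stuffing, Password Spraying},
  abstract      = {Web application protection is today’s most important battleground between victim, intruder, and web service resource. User authentication tends to be critical when a legitimate user of the web application abruptly ends contact while the session is still active, and an unauthorized user chooses the same session to gain access to the device. For many corporations, risk detection is still a problem. In other cases, it is a usual way of operating that provides the requisite protection to keep the product free of weaknesses. Using various types of software to identify different security vulnerabilities assists both developers and organizations in securely launch applications, saving time and money. Different combinations of tools have been seen to enhance protection in recent years, but it has not been possible to combine the types of tools available on the market until the writing of this report. The aim of this paper is to clarify vulnerabilities in broken authentication and session management. It is worth noting that if the creator practices the preventive techniques outlined in this article, the chances of exploitation being discussed are reduced. This paper revealed that the most powerful ways to exploit the Broken Authentication and Session Management vulnerabilities of the web application in those domains are the Session Misconfiguration assault and Cracking/Guessing Weak Password. Correspondingly included techniques to defend authentication and the most important is using a robust encryption system, setting password rules, and securing the session ID.},
  internal-note = {Citation key constructed as surname+year+title-word; the original entry had no key and could not be cited. Fourth author is stored with surname "M.Ibrahim" -- verify the name split against the published byline. DOI suffix "2021.0.0.0" looks like a publisher placeholder -- confirm it resolves before relying on it. The eprint field carries a PDF URL rather than an eprint identifier; keep url/doi as the primary locators.},
}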