Authentication is a cornerstone capability of any application. Ensuring a user is who they say they are is crucial to maintaining data privacy and preventing fraud and data breaches. Consequently, improperly implemented authentication, known as broken authentication, is a potentially devastating application vulnerability. In fact, the Open Web Application Security Project (OWASP) lists broken authentication as the second most critical security risk to web applications.
This whitepaper will provide an overview of broken authentication: why it’s so dangerous, the types of threats that can take advantage of this vulnerability, and how Auth0 prevents broken authentication.