All threats

broken-authentication

Weak authentication mechanisms allow attackers to compromise user accounts

MITRE ATT&CK techniques

Common Weakness Enumeration

• CWE-287
• CWE-307

Mitigating controls

ctrl-auth-1

Implement multi-factor authentication

ctrl-auth-2

Enforce strong password policies

ctrl-auth-3

Implement account lockout mechanisms

ctrl-auth-4

Use secure session management

ctrl-auth-5

Implement rate limiting on authentication endpoints

References

• https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/
• https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html