Conference: World Congress on Internet Security

Root cause analysis of session management and broken authentication vulnerabilities


Abstract

While there are numerous approaches to secure web applications as one of the most prevalent ways to harness the potential of the Internet, attackers almost daily come up with new attempts to exploit various vulnerabilities and compromise data found on the Net. One of the possible venues to attain sustainable solutions is to follow strategic approaches based on detailed analysis and understanding of problems rather than some of the common tactical and often reactive methods. The aim of the paper is to explore employment of Root Cause Analysis (RCA) in session management and broken authentication vulnerabilities and how it can be utilized to improve some security aspects of web applications. By employing RCA, we were able to identify 11 root causes of session management vulnerabilities and 9 root causes of broken authentication vulnerabilities. In addition, the approach provided a detailed, almost macroscopic, view of the vulnerabilities, which consequently led to effective solutions that can minimize the recurrence of attacks on web applications.
