Sunday, July 3, 2016

Learning Log 2:

Last week, I learned about different types of authentication: Client Side authentication, Basic Authentication, Digest Authentication, IWA Authentication, Forms Based Authentication, and OAuth Authentication. I understood that it's important to know what type of authentication a website has because from there, we can deduce what type of security or encryption it applies to the data being transmitted to it, and from that, we can understand what type of penetration testing it is vulnerable to. I understood it better when we did an exercise two weeks ago, and it was fun trying to decrypt the username and password in a website that has basic authentication and digest authentication, because it uses a simple encryption type, namely Base64 and MD5 hashing.


This week I learned more about the different types of session management and that developers should focus more on handling the server security better than the client side, because the server side has more security to offer than the client side; take, for instance, the web certifications and the additional layer of encryption by HTTPS compared to HTTP. Moreover, session management is a way for websites to keep their session IDs secured, because if an attacker tries to track down the session ID, it'll be easier for that attacker to impersonate and access information from that website using someone else's session ID. We also discussed the different types of pen testing tools, which guided us through our exercise as well.
