Web application security - the fast guide 1.1 | Page 18
Chapter 1 - Information Security Overview
[Figure 9: Session Management. Three clients (Client1, Client2, Client3) each send a Request to the Web server and receive a Response; the server assigns each client its own SessionID and keeps the corresponding Session info on the server side.]
b. Authentication:
Authentication is the method used to identify the user trying to access the application. Anonymous, unauthenticated users are normally treated as guests and given a specific level of access that depends on the nature of the application.
The simplest approach to authentication in a web application is usually a user name and password combination. The provided credentials should satisfy a set of conditions that minimize the possibility of guessing them. More critical web applications should depend on extra credentials such as challenge codes, smart and magnetic cards, or biometric approaches.
Figure 10: Credentials based on Smart card, Biometrics and one time password
c. Access control:
Authenticating the users who access the application is only the first step; it paves the way for controlling which application resources and functionalities each user may reach. This task is called "Authorization", and it means specifying "WHO" may access "WHAT".
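The following added example (written for this guide's sections b and c, not code from the book) shows the three pieces together: a password policy that reduces guessability, authentication that issues an unpredictable session ID like the one in Figure 9, and a separate authorization step that maps WHO (a role) to WHAT (a resource and action). The user store, roles, permission table and policy thresholds are all assumed sample values.

```python
import hashlib
import hmac
import os
import secrets

# Constructed sample stores (assumed for this example, not from the book).
_USERS = {}            # username -> salt, password hash, role
_SESSIONS = {}         # session id -> username (the "Session info" the server keeps)
_PERMISSIONS = {       # WHO (role) may do WHAT (resource, action)
    "admin": {("reports", "read"), ("reports", "write"), ("users", "manage")},
    "staff": {("reports", "read")},
    "guest": set(),    # unauthenticated visitors get no privileged access
}

def password_meets_policy(password: str) -> bool:
    """Assumed minimum policy to reduce guessability: length plus character variety."""
    return (len(password) >= 12
            and any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password))

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash: the clear-text password is never stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def register(username: str, password: str, role: str) -> bool:
    if not password_meets_policy(password) or role not in _PERMISSIONS:
        return False
    salt = os.urandom(16)
    _USERS[username] = {"salt": salt, "hash": _hash(password, salt), "role": role}
    return True

def authenticate(username: str, password: str):
    """Identify the user; return a fresh unpredictable session id or None."""
    user = _USERS.get(username)
    if user is None:
        _hash(password, b"\x00" * 16)   # spend the same work for unknown users
        return None
    if not hmac.compare_digest(_hash(password, user["salt"]), user["hash"]):
        return None
    sid = secrets.token_urlsafe(32)     # 256-bit random session id, as in Figure 9
    _SESSIONS[sid] = username
    return sid

def authorize(session_id, resource: str, action: str) -> bool:
    """Authorization: resolve WHO from the session, then check WHAT they may do."""
    username = _SESSIONS.get(session_id)
    role = _USERS[username]["role"] if username else "guest"
    return (resource, action) in _PERMISSIONS[role]
```

Note that a valid session (authenticated) does not by itself grant access: `authorize` still consults the permission table, so a staff user is refused a write that only admins may perform.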