Attacking Authentication in Web Applications

BSides SATX 2018

Presented by: Jake Miller
Date: Saturday June 16, 2018
Time: 09:00 - 10:00
Location: Moody 101
Track: Track 4 - In The Weeds

Broken authentication is an ongoing issue, identified in the OWASP Top 10 2013 and 2017 (A2 in both). While broken authentication can span multiple topics, this presentation focuses mainly on attacking single-factor authentication using usernames and passwords; other authentication/authorization flaws will also be touched on. Methods and techniques will be discussed to perform reconnaissance/scanning, username enumeration, account lockout bypass, various password attacks, and more.

Jake Miller

Jake is a penetration tester for Jacobs Engineering Group, primarily focusing on web application security. Prior to penetration testing, he was a Security Controls Assessor, a SOC analyst, and a Navy Submariner. He blogs about security on https://laconicwolf.com, writes a fair amount of Python and PowerShell code on https://github.com/laconicwolf, and occasionally tweets (@laconicwolf). Aside from security and coding, he enjoys spending time with his family and participating in ultra-running and obstacle races.

