Web applications attacks/Weak encryption
Description
Many web applications protect access with an encryption or authentication mechanism. Be careful to use a strong mechanism: weak encryption can easily be reverse-engineered.
Encryption is considered "weak" when it is easily predictable.
Example
- WebGoat, Insecure Client Storage lesson shows how to crack a client-side weak encryption mechanism.
- WebGoat, Spoof an authentication cookie is another example of a predictable session due to a weak encryption mechanism.
- HackThisSite.org, Basic, Level 6 shows how to reverse-engineer a weak encryption mechanism to decrypt a password from its encrypted form.