Mitigating the authentication vulnerabilities in Web applications through security requirements

R. Kumar
Published in: 2011 World Congress on Information and Communication Technologies, 2011-12-01
DOI: https://doi.org/10.1109/WICT.2011.6141435
Citations: 10

Abstract

To design and implement secure web applications, an analysis must start with an understanding of the risks to which the application will be exposed. Business-centric Web applications need complex authentication policies to securely implement business processes. Threats against the confidentiality, availability and integrity of the data stored, processed and transmitted by the application need to be matched against the policies, technologies and human factors that would protect them. The goal of this paper is to provide an insight into the secure development of web applications by exposing the pitfalls often encountered related to the authentication process and to the security requirements that will ensure the application is resilient to these attacks.