International Journal of Computing and Technology (IJCAT)
Nowadays, broken authentication and session management attacks are at their peak among attacks on online web applications. This is because 'security' is treated as an add-on or post-development activity. Organizations rely on application scans, firewalls, and penetrate-and-patch to mitigate vulnerabilities. But no matter how strong the firewalls are or how diligent the scanning and patching mechanisms are, if the developers of a web application do not follow secure coding techniques, attackers will definitely gain effortless unauthorized access to the web application through port 80. This paper therefore focuses on integrating security during the development of a web application, i.e. in the Software Development Life Cycle (SDLC).