2. Broken Authentication (OWASP Top 10)


* Example scenarios:

* Credential stuffing, the use of lists of known passwords, is a common attack. If an application does not implement automated threat or credential stuffing protections, the application can be used as a password oracle to determine whether the credentials are valid.

* Application session timeouts aren't set properly. A user uses a public computer to access an application. Instead of selecting "logout", the user simply closes the browser tab and walks away. An attacker uses the same browser an hour later, and the user is still authenticated.
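To show the controls that both scenarios above call for, here is an added example (not code from the page or from OWASP) of a small in-memory login and session service: failed logins are throttled per account with a response identical to a wrong password, so the endpoint cannot serve as a password oracle, and sessions expire on idle and absolute timeouts so a tab left open on a public computer stops working. The policy values, the `AuthService` name and the injected `check_password` and `clock` callables are assumptions of this example.

```python
import secrets
import time
from collections import defaultdict, deque

# Policy values are constructed for this example; tune them per application.
MAX_FAILURES = 5             # failed logins tolerated per account inside WINDOW
WINDOW = 15 * 60             # seconds over which failures are counted
IDLE_TIMEOUT = 15 * 60       # session dies after this much inactivity
ABSOLUTE_TIMEOUT = 8 * 3600  # session dies this long after login, active or not


class AuthService:
    def __init__(self, check_password, clock=time.time):
        self.check_password = check_password  # callable(user, pw) -> bool, e.g. a bcrypt/Argon2 check
        self.clock = clock                    # injectable so tests can move time forward
        self.failures = defaultdict(deque)    # user -> timestamps of recent failed logins
        self.sessions = {}                    # token -> {"user", "created", "last_seen"}

    def _recent_failures(self, user):
        q = self.failures[user]
        cutoff = self.clock() - WINDOW
        while q and q[0] < cutoff:            # forget failures older than the window
            q.popleft()
        return len(q)

    def login(self, user, password):
        """Return a session token, or None. A wrong password and a throttled account
        get the identical None, so the endpoint cannot be used as a password oracle."""
        if self._recent_failures(user) >= MAX_FAILURES:
            return None                       # throttled: the password is not even checked
        if not self.check_password(user, password):
            self.failures[user].append(self.clock())
            return None
        self.failures[user].clear()
        now = self.clock()
        token = secrets.token_urlsafe(32)     # unguessable session identifier
        self.sessions[token] = {"user": user, "created": now, "last_seen": now}
        return token

    def current_user(self, token):
        """Resolve a token to a user, expiring idle (closed tab, public computer) or too-old sessions."""
        s = self.sessions.get(token)
        if s is None:
            return None
        now = self.clock()
        if now - s["last_seen"] > IDLE_TIMEOUT or now - s["created"] > ABSOLUTE_TIMEOUT:
            del self.sessions[token]
            return None
        s["last_seen"] = now                  # activity extends the idle window only
        return s["user"]
```

Per-account throttling alone lets an attacker lock a victim out by spamming failures, so real deployments pair it with per-source rate limits and a proper password hash behind `check_password`.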
