Saturday, March 27, 2021

Credential Stuffing Attack

Credential stuffing is a special type of brute-force attack in which the attacker injects a list of previously breached username and password pairs into the target's login form to find matching accounts and gain access to the application. A successful attack results in account takeover: the attacker can act as the victim inside the victim's account. From the user's point of view, it is crucial not to reuse the same or similar passwords across different sites, so that credentials leaked from one breach cannot be used to log in elsewhere. Users should also avoid simple passwords. On the application side, password security policies such as complexity and length rules, and preventing password reuse, raise the bar but do not stop an attacker who already holds a valid password; multi-factor authentication is the better defense, because a breached password alone is then no longer enough to log in. There is a comprehensive OWASP cheat sheet on prevention techniques.

OWASP credential stuffing page
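To make the attack and the two defenses above concrete, here is an added example (my own illustration, not code from the OWASP page). It builds a toy login service with hypothetical accounts and a constructed "breached" credential dump, replays the dump against the service, and shows which accounts fall, first with no mitigation, then with MFA enrollment, then with a per-IP failure limit. All account names, passwords, and the source IP are made up for the demo.

```python
import hashlib
import secrets
from collections import defaultdict

# Constructed "breached" credential dump: hypothetical accounts, not real leaked data.
# Ordered so that two misses precede the first hit, which lets the rate limit bite.
BREACHED_CREDS = [
    ("dave@example.com", "letmein123"),     # account does not exist on the target
    ("bob@example.com", "hunter2"),         # bob changed his password after the breach
    ("alice@example.com", "Summer2019!"),   # alice reused the breached password
    ("carol@example.com", "P@ssw0rd"),      # carol reused it too, but has MFA enrolled
]


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; iteration count kept low only for demo speed."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


class LoginService:
    """Minimal password login with two optional mitigations against stuffing."""

    def __init__(self, max_failures_per_ip=None, require_mfa=False):
        self.users = {}                    # username -> (salt, hash, mfa_enrolled)
        self.failures = defaultdict(int)   # source_ip -> failed login attempts
        self.max_failures_per_ip = max_failures_per_ip
        self.require_mfa = require_mfa

    def register(self, username, password, mfa_enrolled=False):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, hash_password(password, salt), mfa_enrolled)

    def login(self, username, password, source_ip):
        """Return one of: success, bad_credentials, rate_limited, mfa_required."""
        limit = self.max_failures_per_ip
        if limit is not None and self.failures[source_ip] >= limit:
            return "rate_limited"
        record = self.users.get(username)
        if record is None:
            self.failures[source_ip] += 1   # unknown user counts as a failure too
            return "bad_credentials"
        salt, stored, mfa_enrolled = record
        if not secrets.compare_digest(stored, hash_password(password, salt)):
            self.failures[source_ip] += 1
            return "bad_credentials"
        if self.require_mfa and mfa_enrolled:
            return "mfa_required"           # password alone does not take the account
        return "success"


def credential_stuffing(service, breached_creds, source_ip="203.0.113.7"):
    """Replay each breached pair once from one IP; return accounts fully taken over."""
    taken_over = []
    for username, password in breached_creds:
        if service.login(username, password, source_ip) == "success":
            taken_over.append(username)
    return taken_over


def build_service(**mitigations):
    """Target application with three hypothetical users in different situations."""
    svc = LoginService(**mitigations)
    svc.register("alice@example.com", "Summer2019!")                  # reused password
    svc.register("bob@example.com", "Tq7#vL!p2Rz9")                   # unique password
    svc.register("carol@example.com", "P@ssw0rd", mfa_enrolled=True)  # reused, MFA on
    return svc


if __name__ == "__main__":
    print("no mitigation :", credential_stuffing(build_service(), BREACHED_CREDS))
    print("MFA enforced  :", credential_stuffing(build_service(require_mfa=True), BREACHED_CREDS))
    print("2 failures/IP :", credential_stuffing(build_service(max_failures_per_ip=2), BREACHED_CREDS))
```

Run stand-alone, the three lines show alice and carol taken over with no mitigation, only alice once MFA is required, and nobody once the per-IP failure limit is hit before the first valid pair is tried. Note that real stuffing campaigns spread attempts over many source IPs, so a per-IP limit alone is weak; MFA is the defense that does not depend on the attacker's traffic pattern.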


Friday, January 22, 2021

My Favorite Security Blogs

Security blogs are one of my favorite things in cyberspace. I have been a security blogger since 2005, earlier in Persian and later in English. I have also been a fan of the world-renowned security bloggers, keeping their blogs on my top reading list. I believe that blogging, in its traditional form, has preserved its value despite the emergence and popularity of new media such as Twitter and Instagram. Here are some of my favorite individuals' security blogs:

Schneier on Security

Krebs on Security

Tao Security Blog

Troy Hunt

Graham Cluley

Lenny Zeltser

Anton on Security