
Sensitive Parameters are Susceptible to Brute force Attacks OWASP


Sensitive parameters such as username, password, server IP, etc. can be guessed by an attacker who tries a large number of combinations. Such parameters are susceptible to brute force attack, which is one of the OWASP vulnerabilities and is rated medium risk. We should prevent the attacker from guessing sensitive parameters by allowing only a limited number of attempts.


Mostly this issue occurs on the login page. Here the attacker tries to guess the password by attempting a large number of combinations, so we need to lock the user account once the maximum number of attempts is reached.

There are multiple ways to limit the number of attempts allowed:

  1. Lock the User when reaching maximum attempts
  2. Restrict IP Address
  3. Implement Strong CAPTCHA

Lock the User when reaching maximum attempts

Restrict IP Address

We can restrict by IP address instead of locking the user.

This is similar to locking the user above, but here you need to store the IP address in the database and, for every attempt, validate whether the IP address is the same one or not.

Note:

If the attacker tries incorrect data from different IP addresses, then this approach will not help perfectly, because the IP address is different on each attempt and, when it is validated, each one looks like a new IP address.

It is therefore better to lock the user instead of blocking the IP address.

Implement Strong CAPTCHA

You can implement a strong CAPTCHA. Google CAPTCHA is one of the strongest CAPTCHAs available, and you can implement it on the login page.