Web applications have largely taken over the automation and enhancement of existing solutions, and they provide different services to their many users. In recent times, the performance of web services has been measured through two important properties: authentication and session management. User authentication becomes crucial when a valid user of a web application improperly discontinues their communication while the session remains active, and an unauthorized user picks up the same session to gain access to the system. The risk of exploitation of the Broken Authentication and Session Management vulnerability is growing enormously due to attackers' creative skills, weak system design, and improper implementation of web applications. Such exploitation may result not only in identity theft but also in the removal of, or tampering with, confidential information. This paper analyzes the authentication vulnerability attack, i.e. Broken Authentication and Session Management, its exploitation types and their impact, based on an investigation of 267 websites in the public and private sectors in Bangladesh. 56% of the websites in our sample were found vulnerable to these weaknesses, in an examination conducted by manual penetration testing following a double-blind testing strategy. The results show the impact and percentage of these vulnerability attacks.