Digest authentication is significantly more secure than basic authentication. When a client wants to access a protected resource, the server sends a random string, called a nonce, as a challenge. The client then uses this nonce together with the username and password to calculate an MD5 hash and sends it back to the server for verification.
Digest
by Juned Ahmed Ansari, Gilberto Najera-Gutierrez
Web Penetration Testing with Kali Linux - Third Edition
- Title Page
- Copyright and Credits
- Dedication
- Packt Upsell
- Contributors
- Preface
- Introduction to Penetration Testing and Web Applications
- Setting Up Your Lab with Kali Linux
- Reconnaissance and Profiling the Web Server
- Reconnaissance
- Information gathering
- Scanning – probing the target
- Summary
- Authentication and Session Management Flaws
- Authentication schemes in web applications
- Session management mechanisms
- Common authentication flaws in web applications
- Detecting and exploiting improper session management
- Preventing authentication and session attacks
- Summary
- Detecting and Exploiting Injection-Based Flaws
- Finding and Exploiting Cross-Site Scripting (XSS) Vulnerabilities
- Cross-Site Request Forgery, Identification, and Exploitation
- Attacking Flaws in Cryptographic Implementations
- AJAX, HTML5, and Client-Side Attacks
- Other Common Security Flaws in Web Applications
- Using Automated Scanners on Web Applications
- Other Books You May Enjoy
Digest
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.