3. Eavesdropping
Replay attack
Online dictionary attack
Man in the middle attack
Chosen plaintext attack
Pre-computed dictionary attack
4. HTTP basic authentication
RFC 1945 (Hypertext Transfer Protocol – HTTP/1.0)
RFC 2616 (Hypertext Transfer Protocol – HTTP/1.1)
RFC 2617 (HTTP Authentication: Basic and Digest Access Authentication)
Demo and evaluation
5. Digest access authentication
RFC 2069 (An Extension to HTTP: Digest Access Authentication)
Demo and evaluation
6. SSL/TLS authentication
Client / server / mutual authentication
RFC 5246 (The Transport Layer Security (TLS) Protocol Version 1.2)
Evaluation
7. Cookies
Persistent, non-persistent
Secure, non-secure
Session tokens
Session token transmission
Time out
Regeneration of session token
Session token on logout
SSL/TLS session
8. Credit card authentication
ISO/IEC 7810, ISO/IEC 7811, ISO/IEC 7812, ISO/IEC 7813, ISO 8583, and ISO/IEC 4909
Google’s authentication and session management scheme
9. A Guide to Building Secure Web Applications [online]
RFC 2617 - HTTP Authentication: Basic and Digest Access Authentication
RFC 5246 - The Transport Layer Security (TLS) Protocol Version 1.2