Chapter 6 - Attack execution (2)
6.1 Web application Authentication methods
[Figure: Web Application Authentication, with branches HTTP Auth., Client SSL, HTML Form and Auth. Services]
Authentication, as mentioned earlier, is the process or action of proving or showing something to be true, genuine, or valid. Authentication in a web application is done through different methods; the most common are:
• HTML form-based authentication: this is the most common method of applying authentication in a web application. The credentials used are mostly a user name and a password, but critical applications sometimes require extra credentials, such as a special PIN code or a key generated by a one-time password device.
• Other methods rely on HTTP basic or digest authentication. HTTP basic sends the credentials unencrypted, merely encoded with base64, whereas the digest method applies a hash function to the credentials together with a nonce value from the server. This is why basic HTTP authentication should be used only if the channel is secure with