Applied Mathematics & Information Sciences
An International Journal

Volumes > Volume 19 > No. 5

 
   

Analysis of Authentication Methods and Secure Web Application Realization With an Integrated Authentication System

PP: 1027-1038
doi:10.18576/amis/190505
Author(s)
Abed Saif Ahmed Alghawli
Abstract
The number of cyberattacks is growing every year, and their main goal is to steal personal and confidential data. In most cases, this happens through hacking or theft of web application user credentials due to vulnerabilities in authentication and authorization methods, which in turn usually stem from incorrectly implemented authentication methods. Using modern authentication methods, and implementing and configuring them correctly, is critical to building secure and resilient web applications. This article analyzes the authentication methods for web applications, their vulnerabilities, and the variety of attacks on them, which lead to high risks in their implementation and further use. A standard web application was created, similar to one built with the Shopify web application builder, with authentication based on Hypertext Transfer Protocol (HTTP) cookie sessions. The risks of vulnerabilities and attacks on the created web application were analyzed and, considering the results together with the advantages and disadvantages of the authentication methods, the web application was improved in its authentication methods, application settings, and security features. The two most secure authentication methods were selected for the web application: JWT Access/Refresh token with browser fingerprints and the OAuth 2.0 standard, on which the improved web application was implemented. A risk analysis of vulnerabilities and attacks on the improved web application was carried out, which showed that the risks of vulnerabilities and attacks on it are very low. The correct implementation and configuration of the JWT Access/Refresh token authentication method in combination with browser fingerprints is presented, and an analysis of its use is carried out, which shows that this combination provides reliable prevention of token theft and use from another computer.
The author also implements authentication using OAuth 2.0 in combination with browser fingerprints and describes its correct implementation and configuration. When analyzing its use, it turned out that delegating authentication to Facebook or Google services can provide a low level of risk of attacks and vulnerabilities on a web application.
