BROKEN AUTHENTICATION AND SESSION MANAGEMENT

| Feature    | Value      |
|------------|------------|
| Type       | Protection |
| Risk       | OWASP A2   |
| Covered by | Library    |

These types of weaknesses can allow an attacker to either capture or bypass the authentication methods used by a web application.

The goal of such an attack is to take over one or more accounts, so that the attacker gains the same privileges as the compromised user.

More information

How to solve it

The information flow control system implemented by Hdiv allows control over the resources (links and forms) that the application exposes, and prevents requests that break the contract originally sent by the server. In other words, even when the developer does not use an access control system or ACL (Java EE or Spring Security), Hdiv can identify which resources each user is legitimately allowed to access.

Under this architectural principle, Hdiv does not allow any access to unauthorized resources: a request for a resource the server never exposed to that user is rejected.
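As an added illustration of the contract-based approach described above (example code written for this page, not Hdiv's own implementation; the `_state` parameter name, the `FlowControl` class and the session identifiers are all assumptions), the following Python sketch records, per session, the links and forms a page exposes and rejects any request that does not match one of them, including a tampered account id, an extra parameter the server never rendered, and a link replayed from another user's session:

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qsl

# Assumed name for the hidden parameter that carries the page's state id.
STATE_PARAM = "_state"


class FlowControl:
    """Per-session record of the resources (links/forms) the server exposed."""

    def __init__(self):
        # session_id -> {state_id -> set of (path, fixed params, editable names)}
        self._contracts = {}

    def begin_page(self, session_id):
        """Start recording the resources rendered into one page."""
        state_id = secrets.token_urlsafe(16)
        self._contracts.setdefault(session_id, {})[state_id] = set()
        return state_id

    def expose(self, session_id, state_id, path, fixed=None, editable=()):
        """Record a link/form the page renders and return its URL.

        `fixed` parameters are part of the contract and must come back
        unchanged; `editable` names are form fields the user fills in, so
        only their presence is permitted, not a particular value."""
        fixed = dict(fixed or {})
        key = (path, frozenset(fixed.items()), frozenset(editable))
        self._contracts[session_id][state_id].add(key)
        query = urlencode({**fixed, STATE_PARAM: state_id})
        return f"{path}?{query}"

    def validate(self, session_id, url, body=None):
        """Accept the request only if it matches a resource this session
        was actually shown. Returns (ok, reason)."""
        parts = urlsplit(url)
        params = dict(parse_qsl(parts.query))
        params.update(body or {})
        state_id = params.pop(STATE_PARAM, None)
        contracts = self._contracts.get(session_id, {})
        if state_id not in contracts:
            return False, "unknown or foreign state id"
        for path, fixed, editable in contracts[state_id]:
            if path != parts.path:
                continue
            fixed_map = dict(fixed)
            # every server-fixed parameter must come back with the exposed value
            if any(params.get(k) != v for k, v in fixed_map.items()):
                continue
            # and the client may not add parameters the server never exposed
            if set(params) - set(fixed_map) - set(editable):
                continue
            return True, "ok"
        return False, "request does not match the server's contract"


def demo():
    """Constructed scenario: one page exposes an account link and a profile form."""
    fc = FlowControl()
    alice, mallory = "sess-alice", "sess-mallory"  # constructed session ids
    state = fc.begin_page(alice)
    link = fc.expose(alice, state, "/account", fixed={"id": "7"})
    form = fc.expose(alice, state, "/profile/update",
                     fixed={"id": "7"}, editable=("displayName",))
    return {
        "own_account": fc.validate(alice, link)[0],
        "tampered_id": fc.validate(alice, link.replace("id=7", "id=8"))[0],
        "extra_param": fc.validate(alice, link + "&role=admin")[0],
        "form_ok": fc.validate(alice, form, {"displayName": "Alice"})[0],
        "form_tampered": fc.validate(alice, form, {"displayName": "x", "id": "8"})[0],
        "replayed_by_other_session": fc.validate(mallory, link)[0],
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:28s} -> {'accepted' if accepted else 'rejected'}")
```

The contract is stored server-side and keyed by session, so the client never holds anything it can usefully edit: only the state id travels in the page, and a state id from another session resolves to no contract at all. Form fields the user is meant to type into are declared editable so that genuine input is not mistaken for tampering.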