logo

Identification and Authentication Failures

Identification and authentication failures occur when an application fails to properly verify the identity of users or fails to adequately authenticate users before granting access to sensitive functionality or data. Attackers can exploit identification and authentication failures to gain unauthorized access to the application.

Anti-patterns

Insecure storage of sensitive information

Sensitive information such as tokens, secrets and passwords should never be stored in the database.
View anti-pattern

Use of Session IDs in Visualforce

Session IDs should be treated as secrets and handled with care, as they may allow access to the Salesforce API on behalf of the running user.
View anti-pattern

Insecure use of HTTP Referer Header

HTTP Referer headers can be modified by attackers. Making a decision based on the value of the referer can be dangerous.
View anti-pattern