Rails Security Threats: Authentication

24-Jun-2021 1089
In the second article of our series about OWASP Top 10 Web Application Security Risks, we'll dive into the universe of broken authentication and data exposure threats.

More specifically, we'll talk about how easy it is for a hacker to trick the code you've built and perform attacks to obtain users’ data:

User enumeration: When they exploit your login pages by brute-force testing a list of possible users just to check if they exist in your database.

Weak passwords: When your system allows for weak passwords, hackers can carry out a brute force attack to guess your users' passwords.

Unrestricted cookies: When your system stores sensitive data in cookies without proper security settings, hackers can steal the information through XSS attacks.

We will also go into detail about sensitive data that are not sufficiently protected, making room for vulnerabilities, such as the following:
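An added illustration of the user enumeration item in the list above (not code from the original article): a login check that gives an unknown account and a wrong password the same response and the same hashing work. The in-memory `USERS` store, the `authenticate` helper and the PBKDF2 parameters are assumptions made for this example, which uses only Ruby's standard library rather than Rails.

```ruby
require "openssl"
require "securerandom"

# Constructed value for this example; Rails apps normally use has_secure_password (bcrypt).
ITERATIONS = 10_000

def hash_password(password, salt)
  OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: ITERATIONS,
                           length: 32, hash: "sha256")
end

def make_user(password)
  salt = SecureRandom.random_bytes(16)
  { salt: salt, digest: hash_password(password, salt) }
end

# Constructed in-memory store standing in for a users table (assumption).
USERS = { "alice@example.com" => make_user("correct horse battery staple") }.freeze

# Record with a random password, hashed against when the e-mail is unknown,
# so the unknown-user path performs the same hash computation as the known-user path.
DUMMY_USER = make_user(SecureRandom.hex(16)).freeze

# One message for every failure: the response never says which part was wrong.
GENERIC_ERROR = "Invalid email or password".freeze

# Compare two byte strings without stopping at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Hypothetical login helper: returns [ok, message].
def authenticate(email, password)
  user = USERS[email.to_s.strip.downcase]
  record = user || DUMMY_USER
  matches = secure_compare(hash_password(password.to_s, record[:salt]), record[:digest])
  user && matches ? [true, "Signed in"] : [false, GENERIC_ERROR]
end
```

The same rule applies to sign-up and password-reset forms, which should not confirm whether an address is registered either.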