Enhancing Web Application Security Using Another Factor presented at LASCON 2010

by Asad Ali, Karen Lu

Tags: Web Application Security

URL : http://www.owasp.org/index.php/Lonestar_Application_Security_Conference_2010#tab=Sessions

Summary : As web applications have become a necessity of contemporary societies, there is an increasing need to secure access to these applications. This talk explains how web applications can add the "what-you-have" factor to strengthen user authentication and enhance security, without compromising the ease of use generally associated with the traditional username/password method. In particular, we will describe smart-card-based authentication methods, including OTP, TLS mutual authentication, and X.509 certificate-based challenge/response. Although these methods have their strengths and weaknesses in terms of security and usability, they all significantly enhance the authentication for web applications.