The form-based authentication scheme works in the following manner:

* A client generates a request for a protected resource (e.g. a transaction details page).
* The Internet Information Server (IIS) receives the request. If the requesting client is authenticated by IIS, the user/client is passed on to the Web application.
* If the client does not contain a valid authentication ticket/cookie, the Web application will redirect the user to the URL where the client is prompted to enter his credentials to gain access to the secure resource.
* On providing the required credentials, the client is authenticated/processed by the Web application.

Explore More

Critical XSS Vulnerability in http://shwephonecard.com registered parent company is “MMM Network L.L.C.”

PlanetCreator.Net’s Security Team Member Info Freakzz <infofreakzzz(at)gmail.com> has reported another critical XSS vulnerability on http://www.shwephonecard.com  registered parent company is “MMM Network L.L.C.” These are some information from Vulneral Site http://www.shwephonecard.com:

Read More

What are the security holes in the Basic Authentication scheme?

The Basic Authentication scheme uses the username and password and encrypts the password using base64 encoding. In spite of this, there are still many security holes in the Basic Authentication

Read More

Web threats to surpass e-mail pests

E-mail has traditionally been the top means of attack, with messages laden with Trojan horses and other malicious programs hitting inboxes. But the balance is about to tip as cybercrooks

Read More