Day 28 – Authentication & Authorization
🔐 Day 28: Authentication & Authorization
Authentication and Authorization are among the most important topics in bug hunting.
Most high-severity vulnerabilities are found in this category.
If your grasp of these concepts is strong, you can find real-world bugs 🔥
🧑‍💻 1️⃣ What Is Authentication?
Authentication means:
"Who are you?" – verifying identity
Example:
Username + Password
OTP
Email verification
Biometric login
When you log in to a website, the system verifies your identity. This process is called Authentication.
🏢 Real Example
When you log in to Facebook:
You enter your username/password
The server matches them against its database
Match found → Login successful
This whole process is Authentication.
🛂 2️⃣ What Is Authorization?
Authorization means:
"What are you allowed to do?" – checking permissions
Example:
Normal user → Can only view their own profile
Admin → Can delete any user
Moderator → Can edit posts
So after login, the system decides what access the user gets.
🎯 Authentication vs Authorization
| Authentication | Authorization |
|---|---|
| Identity check | Permission check |
| Login system | Access control |
| Who are you? | What can you do? |
🍪 Session & Cookies
After login, the server generates a session ID.
Example:
PHPSESSID=abc123xyz
This session ID is stored in the browser as a cookie.
If the session is not secure → session hijacking is possible.
🚨 Common Authentication Vulnerabilities
1️⃣ Weak Password Policy
Allowing simple passwords.
2️⃣ Brute Force
Allowing unlimited login attempts.
3️⃣ Missing Rate Limiting
No limit on login attempts.
4️⃣ Login Bypass
A flaw in the authentication logic.
🔥 Common Authorization Vulnerabilities
1️⃣ IDOR (Insecure Direct Object Reference)
Example:
/profile?id=1001
If changing the id gives you another user's data → IDOR bug.
2️⃣ Privilege Escalation
A normal user is able to perform admin actions.
Example:
/admin/delete-user?id=5
If the server does not check permissions → high-severity vulnerability.
🛡 Secure Implementation
✔ Strong password policy
✔ Rate limiting
✔ Multi-factor authentication
✔ Proper role-based access control
✔ Server-side authorization checks
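The IDOR and privilege escalation examples above, and the server-side checks that close them, shown side by side. This is an added illustration, not code from the original post: the in-memory USERS table, the Session class and the handler names are constructed for the example, and the handlers return HTTP status codes instead of sending responses.

```python
from dataclasses import dataclass

# Constructed sample data: an in-memory user table standing in for a database.
USERS = {
    1001: {"role": "user",  "email": "alice@example.test"},
    1002: {"role": "user",  "email": "bob@example.test"},
    5:    {"role": "user",  "email": "carol@example.test"},
    1:    {"role": "admin", "email": "root@example.test"},
}

@dataclass
class Session:
    """What the server recovers from the session cookie (e.g. PHPSESSID)."""
    user_id: int
    role: str

def profile_vulnerable(session: Session, requested_id: int) -> tuple:
    """IDOR: /profile?id=<requested_id> with only an authentication check.
    Any logged-in user can read any profile just by changing the id."""
    if requested_id not in USERS:
        return (404, None)
    return (200, USERS[requested_id])      # no ownership check at all

def profile_secure(session: Session, requested_id: int) -> tuple:
    """Fixed: the id in the URL must match the session user, or the caller
    must be an admin. The decision uses the server-side session, never
    anything the client sent. Authorization is checked before existence so
    a 404 cannot be used to enumerate valid ids."""
    if session.user_id != requested_id and session.role != "admin":
        return (403, None)
    if requested_id not in USERS:
        return (404, None)
    return (200, USERS[requested_id])

def delete_user_secure(session: Session, target_id: int, db: dict) -> int:
    """/admin/delete-user?id=<target_id>: the role check that the '/admin'
    URL prefix alone does not provide. Returns the HTTP status."""
    if session.role != "admin":
        return 403                          # normal user cannot escalate
    if target_id not in db:
        return 404
    del db[target_id]
    return 200

if __name__ == "__main__":
    bob = Session(user_id=1002, role="user")
    print(profile_vulnerable(bob, 1001))   # leaks Alice's profile
    print(profile_secure(bob, 1001))       # (403, None)
```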
🧠 Bug Hunting Checklist
✔ Is a login bypass possible?
✔ Is the session secure?
✔ Does changing an ID give access to someone else's data?
✔ Can a normal user perform admin actions?
✔ Are tokens predictable?
🔁 Revision Points
Authentication = identity verification
Authorization = permission control
Sessions & cookies matter
IDOR & privilege escalation are common bugs
Server-side validation is mandatory