Add Documentation

AmritaValueCS-22 · AmritaValueCS-22 · commit 9bbc47f3e436 · 2025-09-01T18:42:40.000+05:30
diff --git a/experiment/references.md b/experiment/references.md
@@ -1 +1,9 @@
-### Link your references in here
+### References
+
+1. OWASP Foundation, *Authentication Cheat Sheet*, OWASP, 2023. [Online]. Available: [https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html](https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html)
+
+2. OWASP Foundation, *Session Management Cheat Sheet*, OWASP, 2023. [Online]. Available: [https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html](https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html)
+
+3. PortSwigger Web Security Academy, *Authentication vulnerabilities*, PortSwigger, 2023. [Online]. Available: [https://portswigger.net/web-security/authentication](https://portswigger.net/web-security/authentication)
+
+4. MITRE, *CWE-565: Reliance on Cookies without Validation and Integrity Checking*, Common Weakness Enumeration, 2023. [Online]. Available: [https://cwe.mitre.org/data/definitions/565.html](https://cwe.mitre.org/data/definitions/565.html)
diff --git a/experiment/theory.md b/experiment/theory.md
@@ -1,14 +1,48 @@
-### Theory 
-<h4>Overview of Broken Authentication</h4>
-Broken Authentication occurs when an application does not properly manage session or authentication credentials. This can allow an attacker to exploit vulnerabilities in session handling to gain unauthorized access to accounts or functionality, such as an administrative dashboard.
+### Theory
 
+#### Overview of Broken Authentication
+**Broken Authentication** occurs when an application fails to correctly implement authentication or session management. This can allow attackers to bypass login mechanisms, hijack sessions, or gain access to sensitive accounts or functionality (like administrative dashboards).  
 
-<li><b>Session Management:</b> Proper handling of session identifiers to ensure they cannot be easily guessed or manipulated.</li>
-<li><b>Authentication:</b> Verifying the identity of a user or system to ensure they have access to certain resources or data.</li>
-<li><b>Authorization:</b> Determining whether a user has the right to access a particular resource or perform an action.</li>
+Common causes include:  
+- Weak or guessable passwords  
+- Exposed session IDs  
+- Reuse of credentials across multiple accounts  
+- Poorly implemented login mechanisms (e.g., no rate limiting)  
 
-<h4>Cookie-Based Authentication</h4>
-Cookies are often used to store session information on the client-side. When a user logs into a web application, the server typically creates a session and stores the session ID in a cookie. This cookie is then sent with each request to authenticate and maintain the session.
+##### Key Concepts
+1. **Session Management**  
+   - Refers to how applications handle user sessions after a successful login.  
+   - Proper session management ensures that session IDs are unique, randomly generated, expire after inactivity, and are protected from interception or tampering.  
+   - Example of poor session management: using predictable session IDs like `user123` or `session1`.  
 
-<li><b>Session Cookie:</b> A cookie that stores the session identifier which is used to maintain user state and session between requests.</li>
-<li><b>Base64 Encoding:</b> A method to encode binary data into an ASCII string format using a set of 64 printable characters. This is often used for transmitting data in a readable format but does not inherently secure the data.</li>
+2. **Authentication**  
+   - The process of verifying a user’s identity.  
+   - Methods include passwords, multi-factor authentication (MFA), and biometric verification.  
+   - Weak authentication mechanisms make it easier for attackers to impersonate legitimate users.  
+
+3. **Authorization**  
+   - Determines what resources a user can access once authenticated.  
+   - Broken authorization can allow normal users to perform administrative actions or access confidential data.  
+
+
+#### Cookie-Based Authentication
+Cookies are commonly used to manage user sessions in web applications. When a user logs in:  
+1. The server creates a session and generates a unique **session ID**.  
+2. The session ID is stored in a **cookie** on the client-side.  
+3. Every time the client makes a request, the cookie is sent to the server to validate the session.  
+
+##### Key Points
+- **Session Cookie**  
+  - Stores the session ID to maintain continuity between requests.  
+  - Should be set with secure flags like `HttpOnly` and `Secure` to prevent theft via XSS or network interception.  
+
+- **Base64 Encoding**  
+  - Converts binary data (like session tokens) into ASCII strings for safe transmission.  
+  - Important: Base64 is *not encryption*—it does not protect sensitive information from attackers. If an attacker captures a Base64-encoded session ID, they can still use it to impersonate the user.  
+
+
+#### Additional Considerations
+- **Session Expiration:** Sessions should automatically expire after a certain period of inactivity.  
+- **Logout Mechanism:** Users must be able to log out, which should invalidate the session on the server.  
+- **MFA Integration:** Using multi-factor authentication adds an extra layer of security, reducing the impact of credential theft.  
+- **Monitoring:** Detect suspicious login attempts, unusual session activity, and repeated failed login attempts.
