Authentication is the way your users let your application know who they are. When vulnerable, your application can take actions or show information to someone who shouldn't be allowed to have access.
Generally, these vulnerabilities allow someone to easily fool the system. The system can accept that they are an accredited user without needing to provide actual proof.
How to do it with OutSystems Platform
The recommended strategy is that you always use an HTTPS channel.
Specifically for the following use cases, the corresponding actions are recommended:
|Send sensitive information in clear text||Use HTTPS, enable HSTS (see Enforce HTTPS Security)|
|Send session ID in clear text||Use HTTPS, enable HSTS (see Enforce HTTPS Security)|
To learn how to protect your OutSystems apps against other common types of attacks, check how OutSystems Platfom helps you develop secure applications.