[Isabelle Tubbs]

One main OWASP security principle is broken authentication. Authentication can be vulnerable when the design of the authentication is flawed, or it could be that the way it was used or configured was flawed. Whatever the reason may be, authentication in this state allows attackers to use automated tools to eventually hack in. To threaten an entire system, the attacker may need to only get access to a certain number of accounts or to the administrative account.

Once the attacker gets into the system, this actually leads to a second OWASP principle: sensitive data exposure. A hacked system that has valuable information can affect not only the platform but also its users and their information. As a result, taking measures to prevent these types of attacks is important for securing the whole system. Ensuring trusted authentication design and configuration, as well as using strong authentication like multi-factor authentication, can help maintain more security on a system.