A number of security patterns for Web applications under the DARPA contract have been
developed by Kienzle, Elder, Tyree, and Edwards-Hewitt. Which of the following patterns are
applicable to aspects of authentication in Web applications? Each correct answer represents a
complete solution. Choose all that apply.
A. Authenticated session
B. Secure assertion
C. Partitioned application
D. Password authentication
E. Account lockout
F. Password propagation
Explanation:
The patterns applicable to aspects of authentication in Web applications are as follows:
Account lockout: It implements a limit on incorrect password attempts to protect an account from automated password-guessing attacks.
Authenticated session: It allows a user to access more than one access-restricted Web page without re-authenticating on every page. It also integrates user authentication into the basic session model.
Password authentication: It provides protection against weak passwords, automated password-guessing attacks, and mishandling of passwords.
Password propagation: It offers a choice by requiring that a user’s authentication
C are incorrect. Secure assertion and partitioned application patterns are applicable to software
assurance in general.