Code Review: Ruby Snippet #1


In this video, we review a Ruby on Rails code snippet focusing on the MFAController to identify a security flaw related to brute force protection. We discuss how the reliance on signed sessions allows an attacker to bypass brute force prevention by replaying old session cookies.
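The weakness described above, as an added Ruby example that is not the snippet reviewed in the exercise: a constructed signed-cookie session holds the failed-attempt counter, so a request that presents the original cookie again always shows zero attempts, while the second check keeps the counter server-side, keyed by account. The HMAC helper, key, codes and function names are all assumptions made for illustration.

```ruby
require "openssl"
require "json"
require "base64"

SECRET = "constructed-demo-key"   # constructed signing key for this example
MAX_ATTEMPTS = 3
ATTEMPTS = Hash.new(0)            # server-side failure counts, keyed by user id

# Stand-in for a signed cookie session: integrity-protected, but stored by the client.
def sign(session)
  data = Base64.strict_encode64(JSON.generate(session))
  "#{data}--#{OpenSSL::HMAC.hexdigest('SHA256', SECRET, data)}"
end

def load_session(cookie)
  data, mac = cookie.split("--", 2)
  expected = OpenSSL::HMAC.hexdigest("SHA256", SECRET, data.to_s)
  raise ArgumentError, "bad signature" unless OpenSSL.secure_compare(mac.to_s, expected)
  JSON.parse(Base64.strict_decode64(data))
end

# Weak: the counter is read from, and written back to, the cookie.
# Returns [result, cookie the server would set].
def verify_weak(cookie, code, expected)
  session = load_session(cookie)
  return [:locked, cookie] if session["attempts"] >= MAX_ATTEMPTS
  return [:ok, cookie] if OpenSSL.secure_compare(code, expected)
  session["attempts"] += 1
  [:denied, sign(session)]
end

# Hardened: the cookie only identifies the account; the counter never leaves the server.
def verify_hardened(cookie, code, expected)
  user = load_session(cookie)["user_id"]
  return :locked if ATTEMPTS[user] >= MAX_ATTEMPTS
  return :ok if OpenSSL.secure_compare(code, expected)
  ATTEMPTS[user] += 1
  :denied
end

# Presents the same original cookie on every request with a wrong code.
def replay_outcomes(cookie, tries)
  weak = Array.new(tries) { verify_weak(cookie, "000000", "123456").first }
  hard = Array.new(tries) { verify_hardened(cookie, "000000", "123456") }
  [weak, hard]
end

p replay_outcomes(sign({ "user_id" => 1, "attempts" => 0 }), 5)
```

The signature only proves the server issued the cookie at some point, not that it is the latest one, so any lockout state has to live in a database row, cache entry or server-side session store tied to the account.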

Video duration: 02:43. Views: 1856.