Security Glossary

Definition

What is Authentication?

The process of verifying the identity of a user, device, or system before granting access to a resource. Strong authentication mechanisms — including multi-factor authentication (MFA), hardware tokens, and certificate-based authentication — are the first line of defense against unauthorized access. Broken or weak authentication remains one of the most commonly exploited vulnerability classes in web applications and APIs.

Related terms

Authorization
The process of determining what actions and resources a verified identity is permitted to access or modify.
Multi-Factor Authentication (MFA)
An authentication mechanism that requires users to present two or more independent verification factors before access is granted: something you know (password), something you have (hardware token or authenticator app), or something you are (biometric).
Broken Authentication
A class of vulnerabilities that allows attackers to compromise passwords, keys, or session tokens, or exploit implementation flaws to assume other users' identities.
JSON Web Token (JWT)
A compact, self-contained token format used to transmit claims between parties as a digitally signed JSON object, widely used for API authentication and single sign-on flows.