When developing a Web application, any design error in authentication handling may lead to bypassing the authentication.
Recently, a security flaw was exposed in a well-known Web application. This application was secured by robust two-factor authentication. Unfortunately, it was possible to bypass this strong authentication by using the web APIs exposed to the mobile apps.
New design patterns allow seamless development for Web and mobile applications by using web APIs that expose the same features to both worlds. Authentication and access control must be correctly adapted and managed, and no security shortcuts must be possible.
Only highly skilled developers are able to develop with all those constraints, but even they may introduce weaknesses.
A Web Access Manager integrates the Dynamic Authentication management and the Dynamic Authorization management while protecting and hiding the protected Web application resources. The level of security of the web access will depend only on a single component: the WAM. Web applications are protected without security shortcuts, even if new services are developed and deployed.
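The single enforcement point described above can be sketched as follows. This is an added example, not code from any WAM product: every request, whether it comes from the browser UI or the mobile API, passes through one decision function with a default-deny policy. The paths, roles and authentication levels are constructed for illustration.

```python
import posixpath
from dataclasses import dataclass
from fnmatch import fnmatchcase

# Constructed policy table (hypothetical paths and roles). Each rule gives the
# minimum authentication level and the roles allowed for a path pattern.
# Levels: 0 = anonymous, 1 = password only, 2 = password + second factor.
POLICY = [
    ("/login",            0, None),        # public entry point
    ("/account/*",        2, {"user"}),    # browser UI
    ("/api/v1/account/*", 2, {"user"}),    # mobile API: same feature, same level
    ("/api/v1/admin/*",   2, {"admin"}),
]

@dataclass(frozen=True)
class Session:
    user: str
    auth_level: int
    roles: frozenset

def decide(session: Session, raw_path: str) -> str:
    """Return 'allow', 'step_up' or 'deny' for one request at the entry point."""
    # Normalise first so "/account/../api/..." is judged as the path it resolves to.
    path = posixpath.normpath(raw_path)
    for pattern, min_level, roles in POLICY:
        if fnmatchcase(path, pattern):
            if session.auth_level < min_level:
                return "step_up"   # dynamic authentication: ask for the second factor
            if roles is not None and not (session.roles & roles):
                return "deny"      # dynamic authorization: authenticated but not entitled
            return "allow"
    # Default deny: a newly deployed service is unreachable until a rule exists.
    return "deny"

if __name__ == "__main__":
    pw_only = Session("alice", 1, frozenset({"user"}))
    for p in ("/account/profile", "/api/v1/account/profile", "/api/v2/new/x"):
        print(p, "->", decide(pw_only, p))
```

Because the web and API routes resolve through the same table, a password-only session receives the same step-up answer on both, and an unlisted route is denied rather than left open.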