Jump to content

Credential stuffing

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by 205.145.107.51 (talk) at 19:15, 19 February 2017. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Credential stuffing is a type of automated threat used to verify the validity of stolen account credentials through a large scale automated login process against a web application.[1] The term was coined by Sumit Agarwal, co-founder of Shape Security, who was serving as Deputy Assistant Secretary of Defense at the Pentagon at the time.[2] Credential Stuffing attacks are considered a rising threat for web and mobile applications as a result of the record number of credential spills.[3]

References

  1. ^ "Credential Stuffing". OWASP.
  2. ^ Townsend, Kevin (January 17, 2017). "Credential Stuffing: a Successful and Growing Attack Methodology". Security Week. Retrieved February 19, 2017.
  3. ^ Chickowski, Ericka (January 17, 2017). "Credential-Stuffing Attacks Take Enterprise Systems By Storm". DarkReading. Retrieved February 19, 2017.
Stub icon

This computer security article is a stub. You can help Wikipedia by expanding it.

Stub icon

This Internet-related article is a stub. You can help Wikipedia by expanding it.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Credential_stuffing&oldid=766357854"