Strong password hashing definitely has its place as part of overall app. security.
Where I think many/most applications would benefit from more security is in detecting/reacting to attacks.
Most apps have no controls in this line at all, and make an attacker's life very easy in that they can keep trying vast numbers of attacks without being blocked by the application.
There's been some decent foundational work done on this by things like OWASP AppSensor (https://www.owasp.org/index.php/OWASP_AppSensor_Project) but I've not seen many applications actually implement the guidance...