ABSTRACT

Many exploits take advantage of confusing identities through masquerade, man-in-the-middle (MITM), and other approaches. In a secure environment, actions that provide access and privilege should always be preceded by a strong identity check. Since we know the enemy is present (see Chapter 1, Section 1.4.2), we must avoid any mechanisms that get in between known, vetted identities, like proxies and portals. These often confuse the identity issue and lead to vulnerabilities and exploits.