Cracking passwords to web applications

Many web applications can be broken into. How?

Some common vulnerabilities that can easily lead to an attacker cracking Web passwords include the following:

• No intruder lockout after a certain number of failed attempts
• Intruder lockout time that's too short
• Allowing simultaneous logins from the same or multiple hosts
• Transmitting login traffic via HTTP and not using SSL

Want to see tools and examples? See the article by Kevin Beaver.