It is known that security testing of web software requires more efforts than verifying security during desktop testing.
Though web software is more exposed to cyber-attacks due to peculiarity of web technology, users of mobile and desktop applications want to be sure that their personal and business data are safe as well.
A brute-force attack is one of popular ways of getting an unauthorized access to somebody’s data in any kind of software. Hackers use a real username and try to guess or pick the password to the user account. It may be hard to do it manually, but there are numerous tools that can be used for this purpose.
Automate testing is often applied for verifying whether it is possible to break into the system by means of a brute-force attack. Test engineers use the same tools as hackers.
Experts in web site testing, desktop testing, mobile testing claim that the simplest and efficient way of dealing with brute-force attacks is suspending and blocking the account after several inputs of an incorrect password. As a rule, programs give 3 or 5 attempts, if a wrong password is input 3 or 5 times, the account gets suspended for half an hour or 24 hours.
If the mechanism of account suspending works fine, the software is considered to be protected from brute-force attacks.