Broken Authentication, previously a standalone category, has been reclassified in the proposed OWASP Top 10 2021 list as part of "Identification and Authentication Failures" due to the increased use of standardized frameworks. This vulnerability encompasses various security flaws related to errors in authentication and session management implementations, which are prevalent because developers often create their own solutions that are difficult to perfect. The potential impact of these vulnerabilities can be significant, especially if attackers gain access to admin accounts, while their exploitability varies depending on the specific issue. Examples include storing passwords in plain text, as seen in the 000webhost breach, and session fixation vulnerabilities, such as those where session IDs are inadvertently shared in URLs. Detectify offers automated scanning to identify such vulnerabilities, but thorough manual review of the code is often necessary for comprehensive coverage. Remediation involves integrating security measures early in the development process, utilizing tested solutions, and creating APIs that prevent misuse to minimize developer errors.
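The two failure modes named above (plain-text password storage and session fixation) can be closed with a few standard-library calls. The following sketch is an added example, not code from the original page or from Detectify; the function names, the in-memory stores and the choice of PBKDF2-HMAC-SHA256 with 600,000 iterations are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory stores; all names here are hypothetical.
USERS = {}      # username -> (salt, derived key); never the password itself
SESSIONS = {}   # session id -> username, or None while anonymous

def derive(password: str, salt: bytes) -> bytes:
    # Slow, salted key derivation instead of storing the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def register(username: str, password: str) -> None:
    salt = secrets.token_bytes(16)
    USERS[username] = (salt, derive(password, salt))

def check_password(username: str, password: str) -> bool:
    # Unknown users get a dummy salt so they still pay the derivation cost.
    salt, stored = USERS.get(username, (b"\0" * 16, b""))
    return hmac.compare_digest(derive(password, salt), stored)

def new_session() -> str:
    # Anonymous pre-login session with an unguessable id.
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = None
    return sid

def login(presented_sid, username, password):
    """Return a fresh session id on success, None on failure."""
    if not check_password(username, password):
        return None
    # Fixation defence: the id the client presented may have reached it
    # through a shared URL, so it is discarded and never promoted.
    SESSIONS.pop(presented_sid, None)
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = username
    return sid

def whoami(sid):
    return SESSIONS.get(sid)
```

In a web application the id returned by `login` belongs in a cookie rather than in the URL, so it cannot be passed along with a copied link.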