Missing Authentication Anti-Pattern

Severity: Critical

Summary

Missing or broken authentication occurs when applications fail to verify user identity, allowing unauthorized access to protected data and functionality. This manifests as unprotected endpoints, missing session checks, or weak credential verification vulnerable to bypass or brute-force. AI-generated code frequently produces insecure boilerplate with stubbed or missing authentication checks.

The Anti-Pattern

Never create endpoints accessing sensitive data or functionality without verifying user identity and validating active sessions.

BAD Code Example

# VULNERABLE: Critical API endpoint without authentication check
from flask import request, jsonify
from db import User, session