OWASP Top 10: Authentication vulnerabilities ~2023
Foyzul Islam
1:20:18
Description
Vulnerabilities in authentication and authorization | Learn with Fun way
What You'll Learn?
- About Authentication vulnerabilities
- Weak Login Credentials
- Username Enumeration
- HTTP Basic Authentication
- Poor Session Management
- Staying Logged In
- SQL Injection
- Unsecure Password Change and Recovery
- Flawed Two-Factor Authentication
- Vulnerable Authentication Logic
- Human Negligence
Who is this for?
More details
DescriptionA vulnerability assessment is a systematic review of security weaknesses in an information system. It evaluates if the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation, if and whenever needed.
The OWASP Top 10 provides rankings of—and remediation guidance for—the top 10 most critical web application security risks. Leveraging the extensive knowledge and experience of the OWASP's open community contributors, the report is based on a consensus among security experts from around the world.
What is broken authentication?
Broken authentication is a widely used term reflecting a combination of vulnerabilities related to authentication and flawed implementations of session management functionalities. It lets threat agents exploit weaknesses in session and credentials management implementations.
It is the second most prevalent and impactful vulnerability as per the OWASP “Top 10†list.
What is the difference between authentication and authorization?
Authentication is the process of verifying that a user really is who they claim to be, whereas authorization involves verifying whether a user is allowed to do something.
why need to learn authentication vulnerabilities?
Authentication vulnerabilities have serious repercussions — whether it's because of weak passwords or poor authentication design and implementation. Malicious users can use these vulnerabilities to get access into systems and user accounts to: Steal sensitive information. Masquerade as a legitimate user.
Types of broken authentication attacks
> Session hijacking attack
> Session ID URL rewriting attack
> Session fixation attack
How to prevent broken authentication attacks
Control session length
Rotate and invalidate session IDs
Do not put session IDs in URLs
Who this course is for:
- How wants to Learn Authentication vulnerabilities
- How wants to Learn SQL Injection
- How Loves Web Application penetration testing
- How Wants to be Bug Bounty Hunter
- How wants to practice OWASP Top 10
A vulnerability assessment is a systematic review of security weaknesses in an information system. It evaluates if the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation, if and whenever needed.
The OWASP Top 10 provides rankings of—and remediation guidance for—the top 10 most critical web application security risks. Leveraging the extensive knowledge and experience of the OWASP's open community contributors, the report is based on a consensus among security experts from around the world.
What is broken authentication?
Broken authentication is a widely used term reflecting a combination of vulnerabilities related to authentication and flawed implementations of session management functionalities. It lets threat agents exploit weaknesses in session and credentials management implementations.
It is the second most prevalent and impactful vulnerability as per the OWASP “Top 10†list.
What is the difference between authentication and authorization?
Authentication is the process of verifying that a user really is who they claim to be, whereas authorization involves verifying whether a user is allowed to do something.
why need to learn authentication vulnerabilities?
Authentication vulnerabilities have serious repercussions — whether it's because of weak passwords or poor authentication design and implementation. Malicious users can use these vulnerabilities to get access into systems and user accounts to: Steal sensitive information. Masquerade as a legitimate user.
Types of broken authentication attacks
> Session hijacking attack
> Session ID URL rewriting attack
> Session fixation attack
How to prevent broken authentication attacks
Control session length
Rotate and invalidate session IDs
Do not put session IDs in URLs
Who this course is for:
- How wants to Learn Authentication vulnerabilities
- How wants to Learn SQL Injection
- How Loves Web Application penetration testing
- How Wants to be Bug Bounty Hunter
- How wants to practice OWASP Top 10
User Reviews
Rating
Foyzul Islam
Instructor's Courses
Udemy
View courses Udemy- language english
- Training sessions 6
- duration 1:20:18
- Release Date 2023/03/15
