Mastering Authentication Vulnerabilities - Ultimate Course
Mastering Authentication Vulnerabilities - Ultimate Course
Published 8/2023
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 2.01 GB | Duration: 3h 40m
Published 8/2023
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 2.01 GB | Duration: 3h 40m
How to Find, Exploit and Defend Against Authentication Vulnerabilities. For Ethical Hackers, Developers & Pentesters
What you'll learn
Learn how to find vulnerabilities in authentication mechanisms.
Learn how to exploit authentication vulnerabilities of varying difficulty levels.
Gain hands-on experience exploiting authentication vulnerabilities using Burp Suite Community and Professional editions.
Learn how to automate attacks in Python.
Learn secure coding practices to implement proper authentication mechanisms.
Requirements
Basic knowledge of computers (i.e. how to use the internet).
Basic knowledge of web fundamentals (HTTP requests, methods, cookies, status codes, etc.).
Latest version of Kali Linux VM (free download).
PortSwigger Web Security Academy account to access the labs (free registration).
Description
Authentication flaws are among the most critical security risks facing web applications today. Exploiting this type of vulnerability can lead to unauthorized access, bypassing authentication controls, and potential data breaches. Therefore, mastering the ability to identify and exploit authentication vulnerabilities has become an essential and foundational skill.In this course, we dive into the technical details behind authentication vulnerabilities, the different types of authentication vulnerabilities you may encounter depending on the authentication mechanism that the application is using, how to find these types of vulnerabilities from a black-box perspective and the different ways to exploit authentication vulnerabilities. We also cover how to prevent and mitigate these types of vulnerabilities.This is not your average course that just teaches you the basics of authentication flaws. This course contains over 3 hours worth of HD content that not only describes the technical details behind authentication vulnerabilities, but also contains 14 labs that give you hands-on experience exploiting real-world examples. The labs are of varying difficulty levels starting with really simple examples and slowly moving up in difficulty. You'll gain experience in cracking and brute-forcing user passwords, enumerating usernames, exploiting logic flaws in authentication mechanisms, bypassing 2FA authentication and much more!If you're a penetration tester, application security specialist, bug bounty hunter, software developer, ethical hacker, or just anyone interested in web application security, this course is for you!
Overview
Section 1: Introduction
Lecture 1 Course Introduction
Section 2: Getting Help
Lecture 2 Answering your questions
Lecture 3 Udemy tips and tricks
Section 3: Authentication Vulnerabilities - Technical Deep Dive
Lecture 4 Agenda
Lecture 5 What are Authentication Vulnerabilities?
Lecture 6 How Do You Find & Exploit Authentication Vulnerabilities?
Lecture 7 How Do You Prevent Authentication Vulnerabilities?
Lecture 8 Additional Resources
Section 4: Lab Environment Setup
Lecture 9 Lab Environment Setup
Section 5: Hands-on Authentication Vulnerabilities Labs
Lecture 10 Lab #1 Username enumeration via different responses
Lecture 11 Lab #2 2FA simple bypass
Lecture 12 Lab #3 Password reset broken logic
Lecture 13 Lab #4 Username enumeration via subtly different responses
Lecture 14 Lab #5 Username enumeration via response timing
Lecture 15 Lab #6 Broken brute-force protection, IP block
Lecture 16 Lab #7 Username enumeration via account lock
Lecture 17 Lab #8 2FA broken logic
Lecture 18 Lab #9 Brute-forcing a stay-logged-in cookie
Lecture 19 Lab #10 Offline password cracking
Lecture 20 Lab #11 Password reset poisoning via middleware
Lecture 21 Lab #12 Password brute-force via password change
Lecture 22 Lab #13 Broken brute-force protection, multiple credentials per request
Lecture 23 Lab #14 2FA bypass using a brute-force attack
Section 6: Bonus Lecture
Lecture 24 Bonus Lecture
Penetration testers that want to understand how to find and exploit authentication vulnerabilities.,Software developers that want to understand how to defend against authentication vulnerabilities.,Bug bounty hunters that want to understand how to find and exploit authentication vulnerabilities.,Individuals preparing for the Burp Suite Certified Practitioner (BSCP) exam.,Individuals preparing for the OSWE certification.