OWASP Top 10: A01:2021-Broken Access Control

OWASP 2022    |    Intermediate
  • 12 Videos | 1h 13m 29s
  • Includes Assessment
  • Earns a Badge
Resource authorization occurs after successful authentication. Resources include objects such as files, folders, web apps, storage accounts, virtual machines, and more. In this course, learn about various resource access control models, including mandatory (MAC), discretionary (DAC), role-based (RBAC), and attribute-based access control (ABAC). Next, examine how broken access control attacks occur and how HTTP requests and responses interact with web applications. Discover how to set file system permissions in Windows and Linux, assign permissions to code, and digitally sign a PowerShell script. Finally, explore identity federation and how to execute and mitigate broken access control attacks. Upon completion, you'll be able to harden resource access to mitigate broken access control attacks.

WHAT YOU WILL LEARN

  • discover the key concepts covered in this course
  • differentiate between mandatory, discretionary, role-based, and attribute-based access control
  • identify how broken access control attacks occur
  • identify how HTTP requests and responses interact with web applications
  • manage Windows file system permissions
  • manage Linux file system permissions
  • manage attribute-based file system permissions in Windows
  • assign permissions for Microsoft Azure managed identities
  • recognize the role of identity and resource providers in a federated identity environment
  • execute a directory traversal attack and navigate across web server subdirectories
  • capture user keystrokes using a hardware keylogger
  • summarize the key concepts covered in this course

IN THIS COURSE

  1. Course Overview (44s)
  2. Access Control Models (5m 9s)
  3. Broken Access Control Attacks (7m)
  4. HTTP Methods (5m 46s)
  5. Managing Windows File System Permissions (5m 19s)
  6. Managing Linux File System Permissions (8m 6s)
  7. Managing Attribute-based File System Permissions (9m 56s)
  8. Assigning Permissions for Azure Managed Identities (6m 22s)
  9. Identity Federation and Claims (9m 45s)
  10. Executing a Directory Traversal Attack (8m 3s)
  11. Acquiring Keystrokes Using a Hardware Keylogger (6m 13s)
  12. Course Summary (1m 6s)

EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion of this course, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.