OWASP Top 10: A01:2021-Broken Access Control

OWASP 2022 | Intermediate

12 videos | 1h 13m 29s
Includes Assessment
Earns a Badge

Resource authorization occurs after successful authentication. Resources include objects such as files, folders, web apps, storage accounts, virtual machines, and more. In this course, learn about various resource access control models, including mandatory (MAC), discretionary (DAC), role-based (RBAC), and attribute-based access control (ABAC). Next, examine how broken access control attacks occur and how HTTP requests and responses interact with web applications. Discover how to set file system permissions in Windows and Linux, assign permissions to code, and digitally sign a PowerShell script. Finally, explore identity federation and how to execute and mitigate broken access control attacks. Upon completion, you'll be able to harden resource access to mitigate broken access control attacks.

WHAT YOU WILL LEARN

discover the key concepts covered in this course

differentiate between mandatory, discretionary, role-based, and attribute-based access control

identify how broken access control attacks occur

identify how HTTP requests and responses interact with web applications

manage Windows file system permissions

manage Linux file system permissions
manage attribute-based file system permissions in Windows

assign permissions for Microsoft Azure managed identities

recognize the role of identity and resource providers in a federated identity environment

execute a directory traversal attack and navigate across web server subdirectories

capture user keystrokes using a hardware keylogger

summarize the key concepts covered in this course

IN THIS COURSE

44s

FREE ACCESS
5m 9s

FREE ACCESS
3. Broken Access Control Attacks

7m

FREE ACCESS
4. HTTP Methods

5m 46s

FREE ACCESS
5. Managing Windows File System Permissions

5m 19s

FREE ACCESS
6. Managing Linux File System Permissions

8m 6s

FREE ACCESS
7. Managing Attribute-based File System Permissions

9m 56s

FREE ACCESS
8. Assigning Permissions for Azure Managed Identities

6m 22s

FREE ACCESS
9. Identity Federation and Claims

9m 45s

FREE ACCESS
10. Executing a Directory Traversal Attack

8m 3s

FREE ACCESS
11. Acquiring Keystrokes Using a Hardware Keylogger

6m 13s

FREE ACCESS
12. Course Summary

1m 6s

FREE ACCESS

EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.

Course OWASP Top 10: A2 - Broken Authentication

Course OWASP Top 10: A1 - Injection

Course OWASP Top 10: A09:2021-Security Logging & Monitoring Failures

PEOPLE WHO VIEWED THIS ALSO VIEWED THESE

Course OWASP Overview

Course OWASP Top 10: A06:2021-Vulnerable & Outdated Components

Course OWASP Top 10: Web Application Security

Get Started

Sharpen your skills. Upgrade your career. Find the right learning path for you, based on your role and skills. Take part in hands-on practice, study for a certification, and much more - all personalized for you.

*Not included: Compliance, Leadership Development Program content, and Engineering books

Your content + our content + our platform = a path to learning success

Using our learning experience platform, Percipio, your learners can engage in custom learning paths that can feature curated content from all sources.

Learn More

Aspire to something bigger

Aspire Journeys are guided learning paths that set you in motion for career success.

Browse Aspire Journeys

Explore a world of live learning with Global Knowledge

Choose from convenient delivery formats to get the training you and your team need - where, when and how you want it.

Browse Live Learning

OWASP Top 10: A01:2021-Broken Access Control

WHAT YOU WILL LEARN

IN THIS COURSE

EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE

YOU MIGHT ALSO LIKE

PEOPLE WHO VIEWED THIS ALSO VIEWED THESE