OWASP Top 10: A01:2021-Broken Access Control
OWASP 2022 | Intermediate
- 12 Videos | 1h 13m 29s
- Includes Assessment
- Earns a Badge
Resource authorization occurs after successful authentication. Resources include objects such as files, folders, web apps, storage accounts, virtual machines, and more. In this course, learn about various resource access control models, including mandatory (MAC), discretionary (DAC), role-based (RBAC), and attribute-based access control (ABAC). Next, examine how broken access control attacks occur and how HTTP requests and responses interact with web applications. Discover how to set file system permissions in Windows and Linux, assign permissions to code, and digitally sign a PowerShell script. Finally, explore identity federation and how to execute and mitigate broken access control attacks. Upon completion, you'll be able to harden resource access to mitigate broken access control attacks.
WHAT YOU WILL LEARN
- discover the key concepts covered in this course
- differentiate between mandatory, discretionary, role-based, and attribute-based access control
- identify how broken access control attacks occur
- identify how HTTP requests and responses interact with web applications
- manage Windows file system permissions
- manage Linux file system permissions
- manage attribute-based file system permissions in Windows
- assign permissions for Microsoft Azure managed identities
- recognize the role of identity and resource providers in a federated identity environment
- execute a directory traversal attack and navigate across web server subdirectories
- capture user keystrokes using a hardware keylogger
- summarize the key concepts covered in this course
IN THIS COURSE
- 1. Course Overview (44s)
- 2. Access Control Models (5m 9s)
- 3. Broken Access Control Attacks (7m)
- 4. HTTP Methods (5m 46s)
- 5. Managing Windows File System Permissions (5m 19s)
- 6. Managing Linux File System Permissions (8m 6s)
- 7. Managing Attribute-based File System Permissions (9m 56s)
- 8. Assigning Permissions for Azure Managed Identities (6m 22s)
- 9. Identity Federation and Claims (9m 45s)
- 10. Executing a Directory Traversal Attack (8m 3s)
- 11. Acquiring Keystrokes Using a Hardware Keylogger (6m 13s)
- 12. Course Summary (1m 6s)
EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE
Skillsoft is providing you the opportunity to earn a digital badge upon successful completion of this course, which can be shared on any social network or business platform.
Digital badges are yours to keep, forever.