OWASP Top 10: A07:2021-Identification & Authentication Failures

OWASP 2022    |    Intermediate
  • 14 Videos | 1h 18m 22s
  • Includes Assessment
  • Earns a Badge
Hardening user and device authentication can go a long way in securing web applications. In this course, learn the difference between authentication and authorization and how they relate to web application security. Next, explore how to hash and encrypt user credentials and harden user accounts through Microsoft Group Policy. Then practice using freely available tools, including the Hydra tool, Burp Suite, and John the Ripper, to crack user credentials in various ways. Finally, learn how to enable user multi-factor authentication and conditional access policies, as well as how to mitigate weak authentication. Upon completion, you'll be able to recognize how to discover and mitigate authentication vulnerabilities using various tools.

WHAT YOU WILL LEARN

  • discover the key concepts covered in this course
  • differentiate between authentication and authorization
  • recognize how weak authentication configurations can lead to system compromise
  • hash user credentials
  • encrypt user credentials
  • analyze plain text credential transmissions using Wireshark
  • deploy password policies to harden user authentication settings using Microsoft Group Policy
  • crack web form passwords using the Hydra tool
  • crack web form passwords using Burp Suite
  • crack RDP passwords using Hydra
  • crack Linux passwords using John the Ripper
  • steal user credentials using the Social-Engineer Toolkit (SET)
  • enable multi-factor authentication for a Microsoft Azure cloud user account
  • summarize the key concepts covered in this course

IN THIS COURSE

  1. Course Overview (59s)
  2. Authentication and Authorization (6m 34s)
  3. Broken Authentication Attacks (5m 48s)
  4. Hashing Credentials (6m 15s)
  5. Encrypting Credentials over the Network (6m 41s)
  6. Analyzing Plain Text Transmissions Using Wireshark (6m 24s)
  7. Deploying Password Policies Using Group Policy (4m 51s)
  8. Cracking Web Form Passwords with Hydra (9m 13s)
  9. Cracking Web Form Passwords with Burp Suite (4m 42s)
  10. Cracking RDP Passwords with Hydra (5m 58s)
  11. Cracking Linux User Account Passwords (6m 33s)
  12. Stealing Credentials Using Deception (5m 59s)
  13. Enabling User Multi-factor Authentication (7m 16s)
  14. Course Summary (1m 10s)

EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion of this course, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.