OWASP Top 10: A2 - Broken Authentication

OWASP 2021    |    Intermediate
  • 16 videos | 1h 32m 15s
  • Includes Assessment
  • Earns a Badge
Likes 21 Likes 21
Hardening user and device authentication can go a long way in securing web applications. In this course, you'll start by learning the difference between authentication and authorization, where authorization follows successful authentication. You'll also learn how authentication and authorization are related to web application security. Next, you'll explore how to hash and encrypt user credentials and harden user accounts through Microsoft Group Policy. You'll then examine how to use freely available tools to crack user credentials in various ways, such as using the John the Ripper tool to pass Linux passwords and the Hydra tool to crack RDP passwords. Lastly, you'll learn how to enable user multi-factor authentication and conditional access policies, as well as how to mitigate weak authentication.

WHAT YOU WILL LEARN

  • discover the key concepts covered in this course
    differentiate between authentication and authorization
    recognize how weak authentication configurations can lead to system compromise
    hash user credentials
    encrypt user credentials
    use Wireshark to view plain text credential transmissions
    harden user authentication settings using Microsoft Group Policy
    use the Hydra tool to crack web form user passwords
  • use Burp Suite to crack web form user password
    crack RDP passwords using Hydra
    use John the Ripper to crack Linux passwords
    use the Social Engineering Toolkit (SET) to steal user credentials
    enable multi-factor authentication for a Microsoft Azure cloud user account
    configure a conditional access policy in Microsoft Azure
    recognize how to mitigate broken authentication attacks
    summarize the key concepts covered in this course

IN THIS COURSE

  • 1m 42s
  • 6m 47s
  • Locked
    3.  Broken Authentication Attacks
    6m 2s
  • Locked
    4.  Hashing Credentials
    6m 44s
  • Locked
    5.  Encrypting Credentials over the Network
    5m 29s
  • Locked
    6.  Analyzing Plain Text Transmissions Using Wireshark
    6m 20s
  • Locked
    7.  Deploying Password Policies Using Group Policy
    4m 52s
  • Locked
    8.  Cracking Web Form Passwords with Hydra
    7m 58s
  • Locked
    9.  Cracking Web Form Passwords with Burp Suite
    8m 35s
  • Locked
    10.  Cracking RDP Passwords with Hydra
    6m 18s
  • Locked
    11.  Cracking Linux User Account Passwords
    5m 52s
  • Locked
    12.  Using Deception to Steal Credentials
    5m 26s
  • Locked
    13.  Enabling User Multi-factor Authentication
    7m 52s
  • Locked
    14.  Configuring Conditional Access Policies
    6m 10s
  • Locked
    15.  Mitigating Broken Authentication Attacks
    4m 57s
  • Locked
    16.  Course Summary
    1m 11s

EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.

YOU MIGHT ALSO LIKE

Course OWASP Top 10: A3 - Sensitive Data Exposure
Likes 19 Likes 19  
Course OWASP Top 10: Web Application Security
Likes 61 Likes 61  
Course CompTIA A+ Core 2: Operating System Security Best Practices
Likes 2 Likes 2  

PEOPLE WHO VIEWED THIS ALSO VIEWED THESE

Course OWASP Top 10: A7 - Cross-site Scripting
Likes 23 Likes 23  
Course OWASP Top 10: A4 - XML External Entities
Likes 18 Likes 18  
Course OWASP Top 10: Discovering & Exploiting Web App Vulnerabilities
Likes 23 Likes 23