OWASP Top 10: A2 - Broken Authentication

OWASP 2021    |    Intermediate
  • 16 Videos | 1h 32m 15s
  • Includes Assessment
  • Earns a Badge
Hardening user and device authentication can go a long way in securing web applications. In this course, you'll start by learning the difference between authentication and authorization, where authorization follows successful authentication. You'll also learn how authentication and authorization are related to web application security. Next, you'll explore how to hash and encrypt user credentials and harden user accounts through Microsoft Group Policy. You'll then examine how to use freely available tools to crack user credentials in various ways, such as using the John the Ripper tool to pass Linux passwords and the Hydra tool to crack RDP passwords. Lastly, you'll learn how to enable user multi-factor authentication and conditional access policies, as well as how to mitigate weak authentication.

WHAT YOU WILL LEARN

  • discover the key concepts covered in this course
    differentiate between authentication and authorization
    recognize how weak authentication configurations can lead to system compromise
    hash user credentials
    encrypt user credentials
    use Wireshark to view plain text credential transmissions
    harden user authentication settings using Microsoft Group Policy
    use the Hydra tool to crack web form user passwords
  • use Burp Suite to crack web form user password
    crack RDP passwords using Hydra
    use John the Ripper to crack Linux passwords
    use the Social Engineering Toolkit (SET) to steal user credentials
    enable multi-factor authentication for a Microsoft Azure cloud user account
    configure a conditional access policy in Microsoft Azure
    recognize how to mitigate broken authentication attacks
    summarize the key concepts covered in this course

IN THIS COURSE

  • Playable
    1. 
    Course Overview
    1m 42s
    UP NEXT
  • Playable
    2. 
    Authentication and Authorization
    6m 47s
  • Locked
    3. 
    Broken Authentication Attacks
    6m 2s
    FREE ACCESS
  • Locked
    4. 
    Hashing Credentials
    6m 44s
    FREE ACCESS
  • Locked
    5. 
    Encrypting Credentials over the Network
    5m 29s
    FREE ACCESS
  • Locked
    6. 
    Analyzing Plain Text Transmissions Using Wireshark
    6m 20s
    FREE ACCESS
  • Locked
    7. 
    Deploying Password Policies Using Group Policy
    4m 52s
    FREE ACCESS
  • Locked
    8. 
    Cracking Web Form Passwords with Hydra
    7m 58s
    FREE ACCESS
  • Locked
    9. 
    Cracking Web Form Passwords with Burp Suite
    8m 35s
    FREE ACCESS
  • Locked
    10. 
    Cracking RDP Passwords with Hydra
    6m 18s
    FREE ACCESS
  • Locked
    11. 
    Cracking Linux User Account Passwords
    5m 52s
    FREE ACCESS
  • Locked
    12. 
    Using Deception to Steal Credentials
    5m 26s
    FREE ACCESS
  • Locked
    13. 
    Enabling User Multi-factor Authentication
    7m 52s
    FREE ACCESS
  • Locked
    14. 
    Configuring Conditional Access Policies
    6m 10s
    FREE ACCESS
  • Locked
    15. 
    Mitigating Broken Authentication Attacks
    4m 57s
    FREE ACCESS
  • Locked
    16. 
    Course Summary
    1m 11s
    FREE ACCESS

EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion of this course, which can be shared on any social network or business platform

Digital badges are yours to keep, forever.

YOU MIGHT ALSO LIKE

COURSE CompTIA CASP+: Authentication & Authorization
COURSE CISM 2020: IT Security Policies
COURSE AWS SysOps Associate 2021: Cryptography
Likes 5 Likes 5