OWASP Top 10: A5 - Broken Access Control
OWASP 2021 | Intermediate
- 14 Videos | 1h 31m 4s
- Includes Assessment
- Earns a Badge
Resource authorization occurs after successful authentication. Resources include objects such as files, folders, web apps, storage accounts, virtual machines, and so on. In this course, you'll learn about various resource access control models including MAC, DAC, and RBAC. Next, you'll examine how broken access control attacks occur. You'll then explore HTTP methods, as well as how to set file system permissions in Windows and Linux, assign permissions to code, and digitally sign a PowerShell script. Lastly, you'll learn about identity federation, how to execute broken access control attacks, and how to mitigate broken access control attacks.
WHAT YOU WILL LEARN
- discover the key concepts covered in this course
- differentiate between mandatory, discretionary, role-based, and attribute-based access control
- identify how broken access control attacks occur
- identify how HTTP requests and responses interact with web applications
- manage Windows file system permissions
- manage Linux file system permissions
- configure attribute-based file system permissions in Windows
- configure permissions for Microsoft Azure managed identities
- digitally sign a Microsoft PowerShell script
- recognize the role of identity and resource providers in a federated identity environment
- navigate through web server subdirectories through a web application
- capture user keystrokes using a hardware keylogger
- apply security controls to mitigate broken access control attacks
- summarize the key concepts covered in this course
IN THIS COURSE
1. Course Overview (1m 42s)
2. Access Control Models (7m 46s)
3. Broken Access Control Attacks (6m 48s)
4. HTTP Methods (6m 4s)
5. Managing Windows File System Permissions (6m 41s)
6. Managing Linux File System Permissions (8m)
7. Managing Attribute-based File System Permissions (11m 19s)
8. Assigning Code Permissions in the Cloud (7m 9s)
9. Digitally Signing PowerShell Scripts (7m 7s)
10. Identity Federation and Claims (7m 8s)
11. Executing a Directory Traversal Attack (8m 2s)
12. Acquiring Keystrokes Using a Hardware Keylogger (5m 23s)
13. Mitigating Broken Access Control Attacks (6m 47s)
14. Course Summary (1m 10s)
EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE
Skillsoft is providing you the opportunity to earn a digital badge upon successful completion of this course, which can be shared on any social network or business platform.
Digital badges are yours to keep, forever.