OWASP Top 10: A5 - Broken Access Control

OWASP 2021    |    Intermediate
  • 14 videos | 1h 31m 4s
  • Includes Assessment
  • Earns a Badge
Likes 21 Likes 21
Resource authorization occurs after successful authentication. Resources include objects such as files, folders, web apps, storage accounts, virtual machines, and so on. In this course, you'll learn about various resource access control models including MAC, DAC, and RBAC. Next, you'll examine how broken access control attacks occur. You'll then explore HTTP methods, as well as how to set file system permissions in Windows and Linux, assign permissions to code, and digitally sign a PowerShell script. Lastly, you'll learn about identify federation, how to execute broken access control attacks, and how to mitigate broken access control attacks.

WHAT YOU WILL LEARN

  • discover the key concepts covered in this course
    differentiate between mandatory, discretionary, role-based, and attribute-based access control
    identify how broken access control attacks occur
    identify how HTTP requests and responses interact with web applications
    manage Windows file system permissions
    manage Linux file system permissions
    configure attribute-based file system permissions in Windows
  • configure permissions for Microsoft Azure managed identities
    digitally sign a Microsoft PowerShell script
    recognize the role of identity and resource providers in a federated identity environment
    navigate through web server subdirectories through a web application
    capture user keystrokes using a hardware keylogger
    apply security controls to mitigate broken access control attacks
    summarize the key concepts covered in this course

IN THIS COURSE

  • 1m 42s
  • 7m 46s
  • Locked
    3.  Broken Access Control Attacks
    6m 48s
  • Locked
    4.  HTTP Methods
    6m 4s
  • Locked
    5.  Managing Windows File System Permissions
    6m 41s
  • Locked
    6.  Managing Linux File System Permissions
    8m
  • Locked
    7.  Managing Attribute-based File System Permissions
    11m 19s
  • Locked
    8.  Assigning Code Permissions in the Cloud
    7m 9s
  • Locked
    9.  Digitally Signing PowerShell Scripts
    7m 7s
  • Locked
    10.  Identity Federation and Claims
    7m 8s
  • Locked
    11.  Executing a Directory Traversal Attack
    8m 2s
  • Locked
    12.  Acquiring Keystrokes Using a Hardware Keylogger
    5m 23s
  • Locked
    13.  Mitigating Broken Access Control Attacks
    6m 47s
  • Locked
    14.  Course Summary
    1m 10s

EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.

YOU MIGHT ALSO LIKE

Course OWASP Top 10: A09:2021-Security Logging & Monitoring Failures
Course OWASP Top 10: A07:2021-Identification & Authentication Failures
Course OWASP Top 10: A05:2021-Security Misconfiguration

PEOPLE WHO VIEWED THIS ALSO VIEWED THESE

Course OWASP Top 10: Discovering & Exploiting Web App Vulnerabilities
Likes 23 Likes 23  
Course OWASP Top 10: A2 - Broken Authentication
Likes 21 Likes 21  
Course OWASP Top 10: A10 - Insufficient Logging & Monitoring
Likes 19 Likes 19