OWASP Top 10: A5 - Broken Access Control

OWASP 2021    |    Intermediate
  • 14 Videos | 1h 31m 4s
  • Includes Assessment
  • Earns a Badge
Likes 21 Likes 21
Resource authorization occurs after successful authentication. Resources include objects such as files, folders, web apps, storage accounts, virtual machines, and so on. In this course, you'll learn about various resource access control models including MAC, DAC, and RBAC. Next, you'll examine how broken access control attacks occur. You'll then explore HTTP methods, as well as how to set file system permissions in Windows and Linux, assign permissions to code, and digitally sign a PowerShell script. Lastly, you'll learn about identify federation, how to execute broken access control attacks, and how to mitigate broken access control attacks.

WHAT YOU WILL LEARN

  • discover the key concepts covered in this course
    differentiate between mandatory, discretionary, role-based, and attribute-based access control
    identify how broken access control attacks occur
    identify how HTTP requests and responses interact with web applications
    manage Windows file system permissions
    manage Linux file system permissions
    configure attribute-based file system permissions in Windows
  • configure permissions for Microsoft Azure managed identities
    digitally sign a Microsoft PowerShell script
    recognize the role of identity and resource providers in a federated identity environment
    navigate through web server subdirectories through a web application
    capture user keystrokes using a hardware keylogger
    apply security controls to mitigate broken access control attacks
    summarize the key concepts covered in this course

IN THIS COURSE

  • Playable
    1. 
    Course Overview
    1m 42s
    UP NEXT
  • Playable
    2. 
    Access Control Models
    7m 46s
  • Locked
    3. 
    Broken Access Control Attacks
    6m 48s
    FREE ACCESS
  • Locked
    4. 
    HTTP Methods
    6m 4s
    FREE ACCESS
  • Locked
    5. 
    Managing Windows File System Permissions
    6m 41s
    FREE ACCESS
  • Locked
    6. 
    Managing Linux File System Permissions
    8m
    FREE ACCESS
  • Locked
    7. 
    Managing Attribute-based File System Permissions
    11m 19s
    FREE ACCESS
  • Locked
    8. 
    Assigning Code Permissions in the Cloud
    7m 9s
    FREE ACCESS
  • Locked
    9. 
    Digitally Signing PowerShell Scripts
    7m 7s
    FREE ACCESS
  • Locked
    10. 
    Identity Federation and Claims
    7m 8s
    FREE ACCESS
  • Locked
    11. 
    Executing a Directory Traversal Attack
    8m 2s
    FREE ACCESS
  • Locked
    12. 
    Acquiring Keystrokes Using a Hardware Keylogger
    5m 23s
    FREE ACCESS
  • Locked
    13. 
    Mitigating Broken Access Control Attacks
    6m 47s
    FREE ACCESS
  • Locked
    14. 
    Course Summary
    1m 10s
    FREE ACCESS

EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion of this course, which can be shared on any social network or business platform

Digital badges are yours to keep, forever.

YOU MIGHT ALSO LIKE

COURSE OWASP Top 10: A04:2021-Insecure Design
COURSE OWASP Top 10: A07:2021-Identification & Authentication Failures
COURSE OWASP Top 10: A3 - Sensitive Data Exposure
Likes 19 Likes 19