Web App Hacking: Hacking Authentication
|
This course helps to understand different types of vulnerabilities in an authentication mechanism. You’ll learn how to test web applications for various authentication flaws and how to provide countermeasures for these problems.
Authentication plays a crucial role in web application security. In this course, Web App Hacking: Hacking Authentication, you’ll learn about different types of vulnerabilities in an authentication mechanism. First, you’ll explore how the attacker can bypass password verification with SQL injection, and how they can learn a user’s password with dictionary attack. Next, you’ll cover how your credentials can be disclosed over an insecure channel when HTTPS is insecurely implemented in the web application. Additionally, you’ll discover how the attacker can impersonate you when the session ID isn’t regenerated at the time of authentication, and how the attacker can learn who is registered in the web application. Finally, you’ll dive into industry best practices related to the authentication mechanism. By the end of the course, you’ll know how to test web applications for various authentication flaws and how to provide countermeasures for these problems.
Author Name: Dawid Czagan
Author Description:
Dawid Czagan is listed among the Top 10 Hackers by HackerOne. He has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter, and other companies. Due to the severity of these bugs, he has received numerous awards for his findings. He has delivered security training courses at key industry conferences, such as Hack In The Box, CanSecWest, 44CON, Hack In Paris, DeepSec, BruCON, and for many corporate clients. His students include security specialists from Oracle, Adobe, Red H… more
User Reviews
Be the first to review “Web App Hacking: Hacking Authentication”
Related Products
Metasploit: Getting Started
Penetration testing is an exciting way to blend an attacker mindset with the tools needed to identify security problems. This course will teach you the basics of the Metasploit Framework to test and exploit vulnerable systems.
Social Engineering: Executive Briefing
Social engineering poses a potential threat to not only employees at an organization, but also directly to company executives. In this executive briefing, we will look at understand what social engineering and how you can protect yourself from it.
Advanced Cyber Defense Analysis with Wireshark
As a member of the security team, you will need to have the skills required to help with mitigating potential attacks. This course will prepare you to use the Wireshark utility to help in this mitigation.
Command and Control with Sliver
Are you looking for a versatile command and control server with implants for almost every architecture? In this course, you will learn Command and Control using Sliver.
Scan Web Applications with Bash
Enumerating web applications is the first step of a web application penetration testing. This course will teach you how to enumerate and find vulnerabilities in web applications using Bash.
Exploitation with PowerShell
Learning about PowerShell exploitation techniques and tools is of vital importance for successfully running red team operations or penetration tests in Windows environments.
There are no reviews yet.