Web App Hacking: Hacking Authentication

This course helps to understand different types of vulnerabilities in an authentication mechanism. You'll learn how to test web applications for various authentication flaws and how to provide countermeasures for these problems.
Course info
Level
Beginner
Updated
Aug 9, 2017
Duration
1h 1m
Table of contents
Description
Course info
Level
Beginner
Updated
Aug 9, 2017
Duration
1h 1m
Description

Authentication plays a crucial role in web application security. In this course, Web App Hacking: Hacking Authentication, you’ll learn about different types of vulnerabilities in an authentication mechanism. First, you’ll explore how the attacker can bypass password verification with SQL injection, and how they can learn a user’s password with dictionary attack. Next, you’ll cover how your credentials can be disclosed over an insecure channel when HTTPS is insecurely implemented in the web application. Additionally, you’ll discover how the attacker can impersonate you when the session ID isn't regenerated at the time of authentication, and how the attacker can learn who is registered in the web application. Finally, you’ll dive into industry best practices related to the authentication mechanism. By the end of the course, you'll know how to test web applications for various authentication flaws and how to provide countermeasures for these problems.

About the author
About the author

Dawid Czagan is listed among the Top 10 Hackers by HackerOne. He has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter, and other companies. Due to the severity of these bugs, he has received numerous awards for his findings.

More from the author
More courses by Dawid Czagan
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi everyone. My name is Dawid. Welcome to my course, Web App Hacking: Hacking Authentication. I am a security instructor, researcher, and buck hunter. In this course I will discuss different types of vulnerabilities in authentication mechanisms. You will learn how to test web applications for various authentication flaws and how to provide the counter measures for these problems. I will show you how the attacker can bypass password verification with SQL injection. I will present how the attacker can learn user's password with dictionary attack. I will demonstrate how your credentials can be disclosed over an insecure channel when HTTPS is insecurely implemented in your web application. I will show you how the attack can impersonate you when session ID is not regenerated at the time of authentication. I will present how the attack can learn who is registered in your web application, and I will discuss industry best practices related to authentication mechanisms. By the end of the course you will know how to test web applications for various authentication flaws. You will also learn how to prevent these problems from happening. I hope you will join me on this journey to learn about attacks on authentication with the Web App Hacking: Hacking Authentication course at Pluralsight.