Penetration Testing of Identity, Authentication and Authorization Mechanism

By Prasad Salvi
Learn how you can perform web application penetration testing on a website’s Identity Management, Authentication and Authorization mechanism and help organizations view their security posture before a malicious hacker exploits them.
Play course overview
Course info
Rating
(25)
Level
Intermediate
Updated
Aug 12, 2019
Duration
57m
Table of contents
Course Overview
Course Overview 1m
Testing Identity Management
Introduction 3m Identity Management Basics 3m Demo: Weak Techniques 10m Summary 0m
Breaking the Authentication Mechanism
Introduction 5m Test for Credentials In Transit 3m Test for Default Credentials 3m Password Management 4m Test for SQL Injection 3m Test for Weak Password Policy 1m Test For Browser Cache Weakness 3m Summary 3m
Bypassing Authorization to Gain Unauthorized Access
Introduction 4m Test For Directory Traversal 3m Test For Privilege Escalation 3m Summary 2m
Summary and Wrap Up
Course Summary 2m
Description
Course info
Rating
(25)
Level
Intermediate
Updated
Aug 12, 2019
Duration
57m
Description

Hackers are getting access to your sensitive data by exploiting web application vulnerabilities. In this course, Penetration Testing of Identity, Authentication and Authorization Mechanism, you will gain the ability to perform web application pentesting. First, you will learn Identity Management. Next, you will discover how to crack a websites' Authentication. Finally, you will explore how to bypass Authorization mechanism. When you’re finished with this course, you will have the skills and knowledge of web application penetration testing needed to perform different attack scenarios.

About the author
Prasad Salvi
About the author

Prasad is an Application Security Consultant with primary focus on providing services across the Secure Development Life cycle, Application Security and Penetration Testing spectrum. He is a part time bug bounty hunter.

Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
(Music) Hi everyone. My name is Prasad Salvi, and welcome to my course, Penetration Testing of Identity, Authentication, and Authorization Mechanism. I'm an application security consultant and penetration tester at a large payment processing company. Did you know that many pen testers today are only focusing on very high level test cases while performing security testing? This course is designed to expand your knowledge beyond focusing on well-known attack techniques. We will be attacking web applications through a hands-on approach using Burp Suite as a pen testing tool of choice. Some of the major topics that we will cover include identity management testing, cracking authentication, and bypassing authorization checks. By the end of this course, you will know how to perform all these techniques at a comfortable and efficient level to better perform your job as a pen tester. Before beginning the course, you should be familiar with client server architecture, security testing basics, and Burp Suite proxy. I hope you'll join me on this journey to learn how to be a great web app pen tester, with Penetration Testing of Identity, Authentication, and Authorization Mechanism course, at Pluralsight.

You're the smartest person in the room

PROVE IT

Your team won't just close the skills gap

THEY'LL HURDLE IT