Penetration Testing of Identity, Authentication and Authorization Mechanism

By Prasad Salvi
Learn how you can perform web application penetration testing on a website’s Identity Management, Authentication and Authorization mechanism and help organizations view their security posture before a malicious hacker exploits them.
Play course overview
Course info
Level
Intermediate
Updated
Aug 12, 2019
Duration
57m
Table of contents
Course Overview
Course Overview 1m
Testing Identity Management
Introduction 3m Identity Management Basics 3m Summary 0m Demo: Weak Techniques 10m
Breaking the Authentication Mechanism
Test for Weak Password Policy 1m Test for Credentials In Transit 3m Introduction 5m Test for Default Credentials 3m Password Management 4m Test for SQL Injection 3m Summary 3m Test For Browser Cache Weakness 3m
Bypassing Authorization to Gain Unauthorized Access
Introduction 5m Summary 2m Test For Directory Traversal 3m Test For Privilege Escalation 3m
Summary and Wrap Up
Course Summary 2m
Description
Course info
Level
Intermediate
Updated
Aug 12, 2019
Duration
57m
Description

Hackers are getting access to your sensitive data by exploiting web application vulnerabilities. In this course, Penetration Testing of Identity, Authentication and Authorization Mechanism, you will gain the ability to perform web application pentesting. First, you will learn Identity Management. Next, you will discover how to crack a websites' Authentication. Finally, you will explore how to bypass Authorization mechanism. When you’re finished with this course, you will have the skills and knowledge of web application penetration testing needed to perform different attack scenarios.

About the author
Prasad Salvi
About the author

Prasad is an Application Security Consultant with primary focus on providing services across the Secure Development Life cycle, Application Security and Penetration Testing spectrum. He is a part time bug bounty hunter.

Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
[Autogenerated] Hi, everyone. My name is Prasad Salvi and welcome to my course ___________, dusting off identity authentication and authorization mechanism. I'm an application security consultant and ___________ tester at a large payment processing company. Did you know that many pen testers today are only focusing on very high level test cases while performing security testing? This course is designed to expand your knowledge beyond focusing on balloon attack techniques. We would be attacking with applications through a hands on approach. Using Bob Suite has a pen testing tool of choice Some of the major topics that we will cover in fluid identity management testing, cracking authentication and bypassing our tradition. Checks by the end of the scores even know how to perform all these techniques at a comfortable and efficient level. No better perform a job as a pen tester before beginning the course. You should be familiar with plants of architecture, security, testing basics and work through proxy. I hope you'll join me on this journey to learn how to be a great rebel pen tester with ___________, testing off identity authentication and our tradition mechanism course. Every real state

You're the smartest person in the room

PROVE IT

Your team won't just close the skills gap

THEY'LL HURDLE IT