Secure Account Management Fundamentals

Secure Account Management Fundamentals is about exploiting, and then protecting, security weaknesses in the features we often take for granted in websites today, such as registration, logon, changing account info, and logoff.
Course info
Rating
(180)
Level
Intermediate
Updated
January 3, 2015
Duration
7h 1m
Table of contents
Introduction (17m 28s)
Registration (1h 11m)
Logon (1h 2m)
Remember Me (26m 55s)
Password Reset (50m 38s)
Logoff (33m 5s)
Description

A fundamental component of many modern-day applications is the ability to create and manage user accounts. So many of the services we use every day as consumers and build as developers depend on customers being able to register, log in, and then perform tasks under their identity. However, every day we see a barrage of attacks against poorly implemented account management facilities. These range from brute-force attacks against the login, to the impersonation of authenticated users, to the cracking of breached passwords. Often, weaknesses in account management facilities are simply due to developers not having thought through the potential risks from a hacker's mindset. This course demonstrates how attackers think and how they exploit these weaknesses. There are numerous high-profile precedents, including the celebrity iCloud photo hack, the GitHub account attacks and the Dropbox credential disclosure. In some of these cases, oversights in secure account management practices left systems unnecessarily vulnerable, whilst in others good practices undoubtedly mitigated the scale of the damage caused. This course regularly refers to real-world examples – both good and bad – as a means of illustrating risks and the effectiveness of security controls.

About the author

Troy Hunt is a Software Architect, Microsoft MVP for Developer Security and ASPInsider. He is a regular conference speaker, a frequent blogger at troyhunt.com, and the author of the OWASP Top 10 for .NET developers series and the free eBook of the same name.

More from the author
Play by Play: Azure Beyond Websites (Beginner, 1h 16m, 14 Apr 2017)
More courses by Troy Hunt