Secure Coding: Preventing Broken Access Control

Learn how to protect your code from access control issues. You will gain an understanding of how an attacker might find and attack those vulnerabilities before building defenses into your code.
Course info
Rating: (12)
Level: Intermediate
Updated: Apr 24, 2020
Duration: 1h 57m
Description

Broken access control can expose information and functionality in your service to unauthorized users, and it is currently one of the top vulnerabilities found in software. You need to understand those vulnerabilities in order to defend against potential attackers. In this course, Secure Coding: Preventing Broken Access Control, you will gain the ability to protect your code from access control vulnerabilities. First, you will learn to understand vulnerabilities and potential attacks against them. Next, you will discover some of the key principles associated with defensive code. Finally, you will explore how to write clean, readable, defensive code. When you are finished with this course, you will have the skills and knowledge needed to protect your code from access control vulnerabilities.

About the author

Gavin is passionate about security and has an extensive background in software development in regulated environments. He currently works in a Red Team at a FTSE 100 company.

Section Introduction Transcripts

Course Overview
Hi, everyone. My name is Gavin Johnson‑Lynn, and welcome to my course Secure Coding: Preventing Broken Access Control. I've worked in software development for a number of years, and I'm currently an offensive security specialist, improving the security of software and the business around me. Broken access control refers to a range of software vulnerabilities, which are some of the most common vulnerabilities in software today. They can expose a wide variety of information and functionality to unauthorized users, although they're often straightforward to fix. In this course, we're going to understand how a real attacker can find and attack these vulnerabilities. This lets us see how our code can be exploited in a realistic scenario. Armed with this information, we'll then look at defenses we can apply to our code. Some of the major topics that we'll cover include forced browsing to find hidden functionality, traversing directories for unauthorized file access, manipulating parameters to alter results, and finding insecure direct object references. By the end of this course, you'll have some simple, yet effective defenses that protect you from a range of broken access control vulnerabilities. Before beginning the course, you should have some experience with software development and, ideally, some knowledge of client server communication, such as a browser talking to a web server or an application talking to a web‑based API. I hope you'll join me on this journey to learn to code securely with the Secure Coding: Preventing Broken Access Control course at Pluralsight.