Web App Hacking: Hacking Password Reset Functionality

This course helps you understand different types of vulnerabilities in password reset functionality. You will learn how to test web applications for various flaws in password reset functionality and how to provide countermeasures for these problems.
Course info
Rating: (48)
Level: Beginner
Updated: Nov 17, 2016
Duration: 49m
Description

Password reset functionality is very commonly implemented in modern web applications. In this course, Web App Hacking: Hacking Password Reset Functionality, you will learn that this sensitive functionality is often insecurely implemented and that this can lead to very severe consequences. First, you will learn how a password reset link can be disclosed over an insecure channel and how it can leak to an external domain via the Referer header. Next, you will learn how an attacker can get unauthorized access to the account of an arbitrary user as a result of an Insecure Direct Object Reference in password reset functionality. You will also learn how an attacker can impersonate a user when session management is insecurely implemented at the time of password resetting. Finally, you will learn about weaknesses in the lifecycle of a password reset link, and you will see how an attacker can enumerate users as a result of a weakness in password reset functionality. By the end of the course, you will know how to test web applications for various flaws in password reset functionality. What's more, you will learn how to implement this functionality securely.

About the author

Dawid Czagan is listed among the Top 10 Hackers by HackerOne. He has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter, and other companies. Due to the severity of these bugs, he has received numerous awards for his findings.

Section Introduction Transcripts

Course Overview
Hi everyone, my name is Dawid, welcome to my course, Web App Hacking: Hacking Password Reset Functionality. I am a security instructor, researcher, and bug hunter. Password reset functionality is very commonly implemented in modern web applications. It turns out, however, that this sensitive functionality is often insecurely implemented and it can lead to very severe consequences. I will show you how a password reset link can be disclosed over an insecure channel, and how it can leak to an external domain via a Referer header. You will learn how the attacker can get unauthorized access to the account of an arbitrary user as a result of insecure direct object reference in password reset functionality. I will demonstrate how the attacker can impersonate a user when session management is insecurely implemented at the time of password resetting. I will discuss various flaws in the lifecycle of a password reset link, and I will show you how the attacker can enumerate users as a result of a weakness in password reset functionality. By the end of the course you will know how to test web applications for various flaws in password reset functionality. What's more, you will learn how to implement this functionality securely. I hope you will join me on this journey to learn about attacks on password reset functionality with the Web App Hacking: Hacking Password Reset Functionality course at Pluralsight.

Leakage of Password Reset Link
If there is a leakage of a password reset link, then the attacker can impersonate a user. In this module, I will show you how a password reset link can be disclosed over an insecure channel. What's more, you will see how a password reset link can leak to an external domain via a Referer header.

Insecure Direct Object Reference
Insecure Direct Object Reference is one of the most dangerous vulnerabilities. What's more, this vulnerability can be easily detected and exploited by the attacker. In this module, I will introduce Insecure Direct Object Reference, in short, IDOR. I will also show you how the attacker can get unauthorized access to the account of an arbitrary user as a result of Insecure Direct Object Reference in password reset functionality.

Insecure Session Management
Password reset functionality is not only about changing the password; you also have to remember about session management. In this module, I will show you how the attacker can impersonate a user when session management is insecurely implemented at the time of password resetting. In addition to this, a session expiration problem will be presented.

Weaknesses in Lifecycle of Password Reset Link
Security is as strong as the weakest point in the chain, and we need to carefully analyze the whole lifecycle of a password reset link. In this module, you will learn how to create a password reset link securely, and how to process this link securely once it has been used to reset a user's password.

User Enumeration
We don't want the attacker to learn who is registered in our web application. In this module, I will show you how the attacker can enumerate users as a result of a weakness in password reset functionality, and I will also explain how to prevent this attack from happening.