Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Pluralsight

Web App Hacking: Hacking Authentication

via Pluralsight

Overview

In this web app security tutorial, you'll learn about a variety of different threats from SQL injection to how a password is stolen in a dictionary attack.

Authentication plays a crucial role in web application security. In this course, Web App Hacking: Hacking Authentication, you’ll learn about different types of vulnerabilities in an authentication mechanism. First, you’ll explore how the attacker can bypass password verification with SQL injection, and how they can learn a user’s password with dictionary attack. Next, you’ll cover how your credentials can be disclosed over an insecure channel when HTTPS is insecurely implemented in the web application. Additionally, you’ll discover how the attacker can impersonate you when the session ID isn't regenerated at the time of authentication, and how the attacker can learn who is registered in the web application. Finally, you’ll dive into industry best practices related to the authentication mechanism. By the end of the course, you'll know how to test web applications for various authentication flaws and how to provide countermeasures for these problems.

Syllabus

  • Course Overview 1min
  • Introduction 4mins
  • SQL Injection 10mins
  • Dictionary Attack 14mins
  • HTTPS Enforcement 8mins
  • Session Regeneration 7mins
  • User Enumeration 3mins
  • Industry Best Practices 5mins
  • Summary 4mins

Taught by

Dawid Czagan

Reviews

3.9 rating at Pluralsight based on 60 ratings

Start your review of Web App Hacking: Hacking Authentication

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.