Broken authentication and session management flaws enable attackers to bypass authentication controls and gain access to sensitive functions and data sets. In this video, learn how to test for broken authentication and session management flaws.
- [Instructor] The second set of risks in the OWASP top 10 list are broken authentication flaws. If an attacker can find a way around the login screen and start interacting with the application, then the application is vulnerable to broken authentication. With all of the data breaches in recent years, a lot of valid usernames and passwords have ended up on the deep web. It doesn't take a lot of technical skill for an attacker to download one of these lists and log into your application with a valid user account that belongs to someone else. Default passwords are even worse. Don't believe me? Google for the admin guide for some of the older technology on your network, tech that has an administrative web interface, and see if there's a default admin password combo listed in that publicly available guide. Even if an attacker doesn't have a valid set of credentials, there are a number of brute force attack tools that will try different combinations …
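The three failure modes the instructor names (leaked credential lists being replayed, default vendor passwords, and brute-force guessing) each leave a recognisable trace on the defending side. The following is an added example, not part of the course or its transcript: it runs simple detection logic over a few constructed authentication log lines and shows the check an application can make before accepting a password. The log format, the thresholds and the default/leaked credential lists are all assumptions made for the example.

```python
"""Detection and prevention checks for the broken-authentication risks above.

Added example (not from the course). The log line format
"<timestamp> <source ip> <username> <OK|FAIL>" is a hypothetical one chosen
for the example; real applications will log differently.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class AuthEvent:
    ts: str
    src_ip: str
    user: str
    ok: bool


def parse_line(line: str) -> Optional[AuthEvent]:
    """Parse one log line; return None for lines that do not match the format."""
    parts = line.split()
    if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
        return None
    return AuthEvent(parts[0], parts[1], parts[2], parts[3] == "OK")


def detect_login_abuse(lines: Iterable[str],
                       stuffing_users: int = 5,
                       brute_failures: int = 5) -> Dict[str, object]:
    """Flag the two attack shapes described in the transcript.

    credential_stuffing: one source IP failing against many *different* users
        (a leaked username/password list being replayed).
    brute_force: one user account accumulating many failures (password guessing).
    success_after_stuffing: a successful login from an IP already flagged for
        stuffing, i.e. a replayed credential that worked and should be reviewed.
    """
    failed_users_by_ip = defaultdict(set)
    failures_by_user = defaultdict(int)
    findings = {"credential_stuffing": set(),
                "brute_force": set(),
                "success_after_stuffing": []}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        if ev.ok:
            if len(failed_users_by_ip[ev.src_ip]) >= stuffing_users:
                findings["success_after_stuffing"].append((ev.src_ip, ev.user))
            continue
        failed_users_by_ip[ev.src_ip].add(ev.user)
        failures_by_user[ev.user] += 1
        if len(failed_users_by_ip[ev.src_ip]) >= stuffing_users:
            findings["credential_stuffing"].add(ev.src_ip)
        if failures_by_user[ev.user] >= brute_failures:
            findings["brute_force"].add(ev.user)
    return findings


# Constructed stand-ins for a vendor default-credential list and a breach list.
KNOWN_DEFAULTS = {("admin", "admin"), ("admin", "password"), ("root", "root")}
LEAKED_PASSWORDS = {"123456", "qwerty", "letmein"}


def credential_rejection_reason(user: str, password: str) -> Optional[str]:
    """Return why a credential pair must be rejected, or None if it passes.

    Applied when an account is created or a password is changed, this closes
    the two easy routes the transcript describes: default vendor logins and
    passwords already present in public breach dumps.
    """
    if (user.lower(), password) in KNOWN_DEFAULTS:
        return "default vendor credential"
    if password in LEAKED_PASSWORDS:
        return "password appears in a known breach list"
    return None


# Constructed sample log: one IP spraying five different users then succeeding,
# one IP hammering the admin account, and one ordinary successful login.
SAMPLE_LOG: List[str] = [
    "2024-05-01T10:00:01 203.0.113.5 alice FAIL",
    "2024-05-01T10:00:02 203.0.113.5 bob FAIL",
    "2024-05-01T10:00:03 203.0.113.5 carol FAIL",
    "2024-05-01T10:00:04 203.0.113.5 dave FAIL",
    "2024-05-01T10:00:05 203.0.113.5 erin FAIL",
    "2024-05-01T10:00:06 203.0.113.5 frank OK",
    "2024-05-01T10:01:00 198.51.100.7 admin FAIL",
    "2024-05-01T10:01:01 198.51.100.7 admin FAIL",
    "2024-05-01T10:01:02 198.51.100.7 admin FAIL",
    "2024-05-01T10:01:03 198.51.100.7 admin FAIL",
    "2024-05-01T10:01:04 198.51.100.7 admin FAIL",
    "2024-05-01T10:02:00 192.0.2.9 alice OK",
    "this line is malformed and is skipped",
]

if __name__ == "__main__":
    for kind, hits in detect_login_abuse(SAMPLE_LOG).items():
        print(f"{kind}: {sorted(hits)}")
    print(credential_rejection_reason("admin", "admin"))
```

The detector is deliberately count-based so the logic is visible; a production version would evaluate the same two ratios (distinct users per source, failures per account) inside a sliding time window and feed the `success_after_stuffing` hits to an analyst, since those are the logins most likely to be a stranger using a valid account.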