Attacks on credentials are the easiest and most effective way for attackers to gain access to servers and private resources.
- In 2009, an attacker cracked a password to a support staff account at Twitter, and gained access to an admin control panel. This allowed them to hijack many user accounts, including the account of the U.S. President. What was the password to the support staff account? It was happiness. Credentials are a standard feature of every website. Developers use credentials to configure the server and to upload code. Users have credentials which allow them to log in to password-protected areas of the site. Credentials can grant an attacker easy access to do harm. There are several attacks which can be made on credentials. There's credential theft, brute-force attack, dictionary attacks, and credential stuffing. Credential theft is pretty straightforward. Someone discovers your username and password. Hopefully, you already know better than to keep your credentials on a Post-it note next to your monitor. You should also be careful about sending passwords over email. …
- Threat models
- Least privilege
- Defense in depth
- Validating and sanitizing input
- Credential attacks
- SQL injection
- Cross-site scripting
Skill Level Beginner
1. Security Overview
2. General Security Principles
3. Filter Input, Control Output
4. The Most Common Attacks
Next steps (2m 26s)