From the course: Dynamic Application Security Testing
A7: Identification and authentication failures - Burp Suite Tutorial
A7: Identification and authentication failures
- [Instructor] The seventh set of risks in the OWASP top 10 list is identification and authentication failures. If an attacker can find a way around the login screen and start interacting with the application, or if you can't trust that the person using the app is the person they claim to be, then the application is vulnerable to these flaws. With all the data breaches in recent years, a lot of valid usernames and passwords have ended up on the dark web. It doesn't take a lot of technical skill for an attacker to download one of these lists and start logging into your application with valid user accounts that belong to somebody else. Default passwords are even worse. You don't believe me? Google for the admin guide for some of the older technology on your network, tech with an administrative web interface, and see if there's a default admin password combo listed in that guide. Even if the attacker doesn't have…
Contents
- The OWASP Top Ten (3m 16s)
- A1: Broken access control (5m 58s)
- A2: Cryptographic failures (6m 49s)
- A3: Injection (7m 44s)
- A4: Insecure design (5m 30s)
- A5: Security misconfiguration (7m 25s)
- A6: Vulnerable and outdated components (7m 7s)
- A7: Identification and authentication failures (6m 59s)
- A8: Software and data integrity failures (5m 58s)
- A9: Security logging and monitoring failures (6m 54s)
- A10: Server-side request forgery (SSRF) (5m 4s)