From the course: Complete Guide to Application Security
Broken authentication
- [Instructor] Broken authentication is a close second to broken object level authorization. Authentication weaknesses are easy to exploit and easy to detect, but they're a bit less widespread than broken object level authorization. So, how is broken authentication different? Authorization controls check whether permissions are appropriate after someone logs in. But that initial step of actually logging in is, that's right, authentication. Authentication vulnerabilities for APIs are very similar to authentication vulnerabilities for traditional web apps. Take credential stuffing attacks, for example. If an attacker has a list of usernames and passwords that they grabbed from the dark web, creds that were part of a data breach, then they might try to authenticate to your API using those same credentials. They might try tens of thousands of credentials, but in the end, they only need one set of creds to work. And like it or not, end users do reuse passwords. And to make matters worse…
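The credential stuffing pattern the instructor describes (one source trying many different usernames, with only one needing to succeed) is detectable on the defender's side from ordinary authentication logs. The following is an added example, not code from the course or its exercise files: it parses a constructed, single-line-per-attempt log format (timestamp, source IP, username, OK/FAIL) that is assumed for illustration, and flags any source IP that attempts at least `min_distinct_users` distinct accounts inside a sliding time window, reporting how many attempts failed and which accounts, if any, the source eventually logged into.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data). Assumed format per line:
# <ISO-8601 UTC timestamp> <source IP> <username> <OK|FAIL>
# 203.0.113.7 sprays one attempt each across seven accounts and gets into "grace";
# 198.51.100.4 is a normal user mistyping their own password twice.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 203.0.113.7 alice FAIL
2024-05-01T10:00:02Z 203.0.113.7 bob FAIL
2024-05-01T10:00:03Z 203.0.113.7 carol FAIL
2024-05-01T10:00:04Z 203.0.113.7 dave FAIL
2024-05-01T10:00:05Z 203.0.113.7 erin FAIL
2024-05-01T10:00:06Z 203.0.113.7 frank FAIL
2024-05-01T10:00:07Z 203.0.113.7 grace OK
2024-05-01T10:01:00Z 198.51.100.4 alice FAIL
2024-05-01T10:01:20Z 198.51.100.4 alice FAIL
2024-05-01T10:01:45Z 198.51.100.4 alice OK
2024-05-01T10:02:00Z 192.0.2.9 bob OK
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (OK|FAIL)$")


def parse_auth_log(lines):
    """Yield (timestamp, source_ip, username, result) tuples; skip malformed lines."""
    for line in lines:
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        ts = datetime.strptime(match.group(1), "%Y-%m-%dT%H:%M:%SZ")
        yield ts, match.group(2), match.group(3), match.group(4)


def detect_credential_stuffing(lines, window=timedelta(minutes=5), min_distinct_users=5):
    """Flag source IPs that touch many distinct accounts within `window`.

    Returns {ip: {"distinct_users", "failures", "successes", "window_start", "window_end"}}
    for each flagged IP, keeping the window with the most distinct usernames.
    Legitimate users retrying their own account are not flagged: they hit one username.
    """
    by_ip = defaultdict(list)
    for event in parse_auth_log(lines):
        by_ip[event[1]].append(event)

    findings = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            # Slide the window start forward so the window never exceeds `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            win = events[start:end + 1]
            users = {e[2] for e in win}
            if len(users) < min_distinct_users:
                continue
            if ip in findings and findings[ip]["distinct_users"] >= len(users):
                continue
            findings[ip] = {
                "distinct_users": len(users),
                "failures": sum(1 for e in win if e[3] == "FAIL"),
                # Accounts the source actually got into: the "one set of creds that works".
                "successes": sorted({e[2] for e in win if e[3] == "OK"}),
                "window_start": win[0][0],
                "window_end": win[-1][0],
            }
    return findings


if __name__ == "__main__":
    for ip, info in detect_credential_stuffing(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {info['distinct_users']} accounts tried, "
              f"{info['failures']} failures, compromised: {info['successes']}")
```

The per-account view (one username hit from many IPs) is the complementary check for distributed stuffing; the same parser feeds it by grouping on `username` instead of `source_ip`. Any account listed under `successes` for a flagged IP is the one to treat as compromised and force through a credential reset.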
Contents

- API security distinctions (5m 36s)
- OWASP API Security Top Ten (3m 21s)
- Broken object level authorization (4m 59s)
- Broken authentication (4m 44s)
- Demo: Implementing API authentication controls (9m 2s)
- Unrestricted resource consumption (5m 54s)
- Demo: Implementing resource consumption controls (8m 19s)