Mastering Authentication Vulnerabilities - Ultimate Course

Name: Mastering Authentication Vulnerabilities - Ultimate Course
Rating: 4.6 (465 reviews)

How to Find, Exploit and Defend Against Authentication Vulnerabilities. For Ethical Hackers, Developers & Pentesters

Created byExperts with David Bombal, Rana Khalil, David Bombal

Last updated 8/2023

English

What you'll learn

Learn how to find vulnerabilities in authentication mechanisms.
Learn how to exploit authentication vulnerabilities of varying difficulty levels.
Gain hands-on experience exploiting authentication vulnerabilities using Burp Suite Community and Professional editions.
Learn how to automate attacks in Python.
Learn secure coding practices to implement proper authentication mechanisms.

Course content

6 sections • 24 lectures • 3h 41m total length

Course Introduction2:30

Lab #1 Username enumeration via different responses5:58
In this video, we cover Lab #1 in the Authentication module of the Web Security Academy. This lab is vulnerable to username enumeration and password brute-force attacks. It has an account with a predictable username and password, which can be found in the following wordlists:

Candidate usernames
Candidate passwords
To solve the lab, we enumerate a valid username, brute-force this user's password, then access their account page.
Lab #2 2FA simple bypass11:42
In this video, we cover Lab #2 in the Authentication module of the Web Security Academy. This lab's two-factor authentication can be bypassed. You have already obtained a valid username and password, but do not have access to the user's 2FA verification code. To solve the lab, we access Carlos's account page.

Your credentials: wiener:peter
Victim's credentials carlos:montoya
Lab #3 Password reset broken logic13:05
In this video, we cover Lab #3 in the Authentication module of the Web Security Academy. This lab's password reset functionality is vulnerable. To solve the lab, we reset Carlos's password then log in and access his "My account" page.
Your credentials: wiener:peter
Victim's username: carlos
Lab #4 Username enumeration via subtly different responses9:19
In this video, we cover Lab #4 in the Authentication module of the Web Security Academy. This lab is subtly vulnerable to username enumeration and password brute-force attacks. It has an account with a predictable username and password, which can be found in the following wordlists:
Candidate usernames
Candidate passwords
To solve the lab, we enumerate a valid username, brute-force this user's password, then access their account page.
Lab #5 Username enumeration via response timing13:54
In this video, we cover Lab #5 in the Authentication module of the Web Security Academy. This lab is vulnerable to username enumeration using its response times. To solve the lab, we enumerate a valid username, brute-force this user's password, then access their account page.

Your credentials: wiener:peter
Candidate usernames
Candidate passwords
Lab #6 Broken brute-force protection, IP block14:16
In this video, we cover Lab #6 in the Authentication module of the Web Security Academy. This lab is vulnerable due to a logic flaw in its password brute-force protection. To solve the lab, we brute-force the victim's password, then log in and access their account page.

Your credentials: wiener:peter
Victim's username: carlos
Candidate passwords
Lab #7 Username enumeration via account lock9:37
In this video, we cover Lab #7 in the Authentication module of the Web Security Academy. This lab is vulnerable to username enumeration. It uses account locking, but this contains a logic flaw. To solve the lab, we enumerate a valid username, brute-force this user's password, then access their account page.

Candidate usernames
Candidate passwords
Lab #8 2FA broken logic9:31
In this video, we cover Lab #8 in the Authentication module of the Web Security Academy. This lab's two-factor authentication is vulnerable due to its flawed logic. To solve the lab, we access Carlos's account page.

Your credentials: wiener:peter
Victim's username: carlos
You also have access to the email server to receive your 2FA verification code.
Lab #9 Brute-forcing a stay-logged-in cookie17:09
In this video, we cover Lab #9 in the Authentication module of the Web Security Academy. This lab allows users to stay logged in even after they close their browser session. The cookie used to provide this functionality is vulnerable to brute-forcing.
To solve the lab, we brute-force Carlos's cookie to gain access to his "My account" page.
Your credentials: wiener:peter
Victim's username: carlos
Candidate passwords
Lab #10 Offline password cracking11:55
In this video, we cover Lab #10 in the Authentication module of the Web Security Academy. This lab stores the user's password hash in a cookie. The lab also contains an XSS vulnerability in the comment functionality. To solve the lab, we obtain Carlos's stay-logged-in cookie and use it to crack his password. Then, we log in as carlos and delete his account from the "My account" page.

Your credentials: wiener:peter
Victim's username: carlos
Lab #11 Password reset poisoning via middleware8:23
In this video, we cover Lab #11 in the Authentication module of the Web Security Academy. This lab is vulnerable to password reset poisoning. The user carlos will carelessly click on any links in emails that he receives. To solve the lab, we log in to Carlos's account. You can log in to your own account using the following credentials: wiener:peter. Any emails sent to this account can be read via the email client on the exploit server.
Lab #12 Password brute-force via password change25:04
Lab #13 Broken brute-force protection, multiple credentials per request16:42
In this video, we cover Lab #13 in the Authentication module of the Web Security Academy. This lab is vulnerable due to a logic flaw in its brute-force protection. To solve the lab, brute-force Carlos's password, then access his account page.
Victim's username: carlos
Candidate passwords
Lab #14 2FA bypass using a brute-force attack9:49
In this video, we cover Lab #14 in the Authentication module of the Web Security Academy. This lab's two-factor authentication is vulnerable to brute-forcing. You have already obtained a valid username and password, but do not have access to the user's 2FA verification code. To solve the lab, we brute-force the 2FA code and access Carlos's account page.
Victim's credentials: carlos:montoya

Requirements

Basic knowledge of computers (i.e. how to use the internet).
Basic knowledge of web fundamentals (HTTP requests, methods, cookies, status codes, etc.).
Latest version of Kali Linux VM (free download).
PortSwigger Web Security Academy account to access the labs (free registration).

Description

Authentication flaws are among the most critical security risks facing web applications today. Exploiting this type of vulnerability can lead to unauthorized access, bypassing authentication controls, and potential data breaches. Therefore, mastering the ability to identify and exploit authentication vulnerabilities has become an essential and foundational skill.

In this course, we dive into the technical details behind authentication vulnerabilities, the different types of authentication vulnerabilities you may encounter depending on the authentication mechanism that the application is using, how to find these types of vulnerabilities from a black-box perspective and the different ways to exploit authentication vulnerabilities. We also cover how to prevent and mitigate these types of vulnerabilities.

This is not your average course that just teaches you the basics of authentication flaws. This course contains over 3 hours worth of HD content that not only describes the technical details behind authentication vulnerabilities, but also contains 14 labs that give you hands-on experience exploiting real-world examples. The labs are of varying difficulty levels starting with really simple examples and slowly moving up in difficulty. You'll gain experience in cracking and brute-forcing user passwords, enumerating usernames, exploiting logic flaws in authentication mechanisms, bypassing 2FA authentication and much more!

If you're a penetration tester, application security specialist, bug bounty hunter, software developer, ethical hacker, or just anyone interested in web application security, this course is for you!

Who this course is for:

Penetration testers that want to understand how to find and exploit authentication vulnerabilities.
Software developers that want to understand how to defend against authentication vulnerabilities.
Bug bounty hunters that want to understand how to find and exploit authentication vulnerabilities.
Individuals preparing for the Burp Suite Certified Practitioner (BSCP) exam.
Individuals preparing for the OSWE certification.

Mastering Authentication Vulnerabilities - Ultimate Course

What you'll learn

Explore related topics

Course content

Introduction1 lecture • 3min

Getting Help2 lectures • 5min

Authentication Vulnerabilities - Technical Deep Dive5 lectures • 29min

Lab Environment Setup1 lecture • 7min

Hands-on Authentication Vulnerabilities Labs14 lectures • 2hr 56min

Bonus Lecture1 lecture • 1min

Requirements

Description

Who this course is for: