Research Academy
My account Customers About Blog Careers Legal Contact Resellers
Back to all learning paths
PRACTITIONER

Authentication vulnerabilities

This learning path explores authentication vulnerabilities, which have a critical impact on security. You'll learn about common mechanisms and vulnerabilities, and strategies for robust authentication.

Contents

Get started: What is authentication?

0 of 55

GET STARTED

What is authentication? 0 of 1

What is authentication? Get started

What is the difference between authentication and authorization? 0 of 1

What is the difference between authentication and authorization?

How do authentication vulnerabilities arise? 0 of 1

How do authentication vulnerabilities arise?

What is the impact of vulnerable authentication? 0 of 2

What is the impact of vulnerable authentication?

What is the impact of vulnerable authentication? - Continued

Vulnerabilities in password-based login 0 of 19

Vulnerabilities in password-based login

Brute-force attacks

Brute-forcing usernames

Brute-forcing passwords

Brute-forcing passwords - Continued

Username enumeration

Username enumeration - Continued

Lab: Username enumeration via different responses APPRENTICE

Lab: Username enumeration via subtly different responses PRACTITIONER

Lab: Username enumeration via response timing PRACTITIONER

Flawed brute-force protection

Lab: Broken brute-force protection, IP block PRACTITIONER

Account locking

Account locking - Continued

Account locking - Continued

Lab: Username enumeration via account lock PRACTITIONER

User rate limiting

HTTP basic authentication

HTTP basic authentication - Continued

Vulnerabilities in multi-factor authentication 0 of 8

Vulnerabilities in multi-factor authentication

Vulnerabilities in multi-factor authentication - Continued

Two-factor authentication tokens

Bypassing two-factor authentication

Lab: 2FA simple bypass APPRENTICE

Flawed two-factor verification logic

Lab: 2FA broken logic PRACTITIONER

Brute-forcing 2FA verification codes

Vulnerabilities in other authentication mechanisms 0 of 15

Vulnerabilities in other authentication mechanisms

Keeping users logged in

Keeping users logged in - Continued

Lab: Brute-forcing a stay-logged-in cookie PRACTITIONER

Keeping users logged in - Continued

Lab: Offline password cracking PRACTITIONER

Resetting user passwords

Sending passwords by email

Resetting passwords using a URL

Resetting passwords using a URL - Continued

Lab: Password reset broken logic APPRENTICE

Resetting passwords using a URL - Continued

Lab: Password reset poisoning via middleware PRACTITIONER

Changing user passwords

Lab: Password brute-force via password change PRACTITIONER

Preventing attacks on your own authentication mechanisms 0 of 8

Preventing attacks on your own authentication mechanisms

Take care with user credentials

Don't count on users for security

Prevent username enumeration

Implement robust brute-force protection

Triple-check your verification logic

Don't forget supplementary functionality

Implement proper multi-factor authentication