Research Academy
My account Customers About Blog Careers Legal Contact Resellers
Back to all learning paths
PRACTITIONER

Authentication vulnerabilities

This learning path explores authentication vulnerabilities, which have a critical impact on security. You'll learn about common mechanisms and vulnerabilities, and strategies for robust authentication.

Contents

Get started: What is authentication?

0 of 55

GET STARTED

What is authentication? 0 of 1

What is authentication? APPRENTICE Get started

What is the difference between authentication and authorization? 0 of 1

What is the difference between authentication and authorization? APPRENTICE

How do authentication vulnerabilities arise? 0 of 1

How do authentication vulnerabilities arise? APPRENTICE

What is the impact of vulnerable authentication? 0 of 2

What is the impact of vulnerable authentication? APPRENTICE

What is the impact of vulnerable authentication? - Continued APPRENTICE

Vulnerabilities in password-based login 0 of 19

Vulnerabilities in password-based login APPRENTICE

Brute-force attacks APPRENTICE

Brute-forcing usernames APPRENTICE

Brute-forcing passwords APPRENTICE

Brute-forcing passwords - Continued APPRENTICE

Username enumeration APPRENTICE

Username enumeration - Continued APPRENTICE

Lab: Username enumeration via different responses APPRENTICE

Lab: Username enumeration via subtly different responses PRACTITIONER

Lab: Username enumeration via response timing PRACTITIONER

Flawed brute-force protection APPRENTICE

Lab: Broken brute-force protection, IP block PRACTITIONER

Account locking APPRENTICE

Account locking - Continued APPRENTICE

Account locking - Continued APPRENTICE

Lab: Username enumeration via account lock PRACTITIONER

User rate limiting APPRENTICE

HTTP basic authentication APPRENTICE

HTTP basic authentication - Continued APPRENTICE

Vulnerabilities in multi-factor authentication 0 of 8

Vulnerabilities in multi-factor authentication APPRENTICE

Vulnerabilities in multi-factor authentication - Continued APPRENTICE

Two-factor authentication tokens APPRENTICE

Bypassing two-factor authentication APPRENTICE

Lab: 2FA simple bypass APPRENTICE

Flawed two-factor verification logic APPRENTICE

Lab: 2FA broken logic PRACTITIONER

Brute-forcing 2FA verification codes APPRENTICE

Vulnerabilities in other authentication mechanisms 0 of 15

Vulnerabilities in other authentication mechanisms APPRENTICE

Keeping users logged in APPRENTICE

Keeping users logged in - Continued APPRENTICE

Lab: Brute-forcing a stay-logged-in cookie PRACTITIONER

Keeping users logged in - Continued APPRENTICE

Lab: Offline password cracking PRACTITIONER

Resetting user passwords APPRENTICE

Sending passwords by email APPRENTICE

Resetting passwords using a URL APPRENTICE

Resetting passwords using a URL - Continued APPRENTICE

Lab: Password reset broken logic APPRENTICE

Resetting passwords using a URL - Continued APPRENTICE

Lab: Password reset poisoning via middleware PRACTITIONER

Changing user passwords APPRENTICE

Lab: Password brute-force via password change PRACTITIONER

Preventing attacks on your own authentication mechanisms 0 of 8

Preventing attacks on your own authentication mechanisms APPRENTICE

Take care with user credentials APPRENTICE

Don't count on users for security APPRENTICE

Prevent username enumeration APPRENTICE

Implement robust brute-force protection APPRENTICE

Triple-check your verification logic APPRENTICE

Don't forget supplementary functionality APPRENTICE

Implement proper multi-factor authentication APPRENTICE