Enterprises
Individuals
Enterprises
Individuals
Menu
Menu
Sign in
Product
Solutions
Pricing
Resources
Learn
Hands-on Labs
Courses
Learning Journeys
Challenges
Cloud Sandboxes
Playgrounds
Measure
Assessments
Certifications
Integrate
SCORM & LTI
SSO & SCIM
Our Learning Platform
Get Started Today
Book a demo
Get free trial
Contact us
Industries
Manufacturing
Government
Finance
Technology
Healthcare
Defence
Retail
Teams
C-suite
Security Teams
Engineering Teams
For L&D
We’ll help you
Achieve ROI
Achieve Compliance
Reduce Risk
Measurable Increase in Skills
Instructor Led Training
Success Stories
View all
View Enterprise Plans
Resources
E-books
Case studies
Webinars
Blog
Support
AppSecEngineer 101 Guide
Help Center
Discord
Teams
For C-suite
For Engineering Teams
For Product Teams
For L&D
What’s New
View all
Ditch the Audit Panic! AppSecEngineer's Got Your Back.
The Complete Guide to ISO 27001 Compliance
X
X
X
Beginner

Attacking and Defending Authentication & Access Control

Step into the Spotlight with AppSec Expertise: Use coupon ‘SKILLUP30’ and get 30% Off on Individual Pro Annual Plans.
Learning Path
Application Security Essentials
Ideal for
Developer
Pentester
Security Champion
Security Architect
Security Engineer
4
Hours
13
Lessons
3
Cloud Labs

Web application security, among other things, deals with user authentication and controlling a user’s access to private information. From session management, to password management, to direct object reference, authentication and access control mechanisms are as critical as they are easy to misconfigure.

In Attacking and Defending Authentication & Access Control, we’re getting in the shoes of both the attacker and defender to fully understand web app security. We begin with a look at methods to authenticate users. With the help of hands-on labs, we’ll explore how to attack and defend sessions, as well as defending web app session management.

Next, you’ll learn in detail about the best practices of handling and resetting passwords. Our final module is all about access control. Here, you’ll primarily use hands-on labs to learn about various aspects of Insecure Direct Object Reference, including how to implement bulletproof Access Control Systems.

Our learning material is backed by years of security testing experience, knowledge, and original research across our entire security team. This course uses practical learning with labs and exercises extensively, with the aim of getting you as comfortable as possible with the moving parts of web application authentication and access control.  

Get STARTED

You might also like these courses

Introduction to Web App Cryptography

Cross-Site-Scripting Attack and Defense

Injections, XXE, and Insecure Deserialization

Or explore these Learning Paths

AI & LLM Security Learning Path and Collection
Google Cloud Security
Threat Modeling
Kubernetes Security
DevSecOps
Container Security
Azure Security
AWS Security
Advanced Application Security
Application Security Essentials

Labs

Flaws in Session Fixation and Defense

Implementing AuthZ for a Web App with Casbin

Primary Key IDOR - Python

Insecure Direct Object Reference - Mass Assignment

Course Content

Ready to Elevate Your Security Training?

Empower your teams with the skills they need to secure your applications and stay ahead of the curve.
Get Our Newsletter
Get Started
X
X
QUICK LINKS
Sign InSign UpPrivacy Policy
E-BOOKS
Beginner's Guide to
a Career in AppSecTrain your Teams to Fly
FOLLOW APPSECENGINEER
CONTACT

Contact Support

help@appsecengineer.com

68 Circular Road, #02-01, 049422, Singapore

Copyright AppSecEngineer © 2023