Attacking and Defending Authentication & Access Control

Learning Path: Application Security Essentials
Ideal for: Security Champion, Security Architect, Security Engineer
Cloud Labs

Web application security, among other things, deals with user authentication and controlling a user’s access to private information. From session management, to password management, to direct object reference, authentication and access control mechanisms are as critical as they are easy to misconfigure.

In Attacking and Defending Authentication & Access Control, we step into the shoes of both the attacker and the defender to fully understand web app security. We begin with a look at methods to authenticate users. With the help of hands-on labs, we’ll explore how to attack and defend sessions, and how to defend web app session management.

Next, you’ll learn in detail about the best practices for handling and resetting passwords. Our final module is all about access control. Here, you’ll primarily use hands-on labs to learn about various aspects of Insecure Direct Object Reference, including how to implement bulletproof Access Control Systems.

Our learning material is backed by years of security testing experience, knowledge, and original research across our entire security team. This course relies extensively on practical learning through labs and exercises, with the aim of getting you as comfortable as possible with the moving parts of web application authentication and access control.



Flaws in Session Fixation and Defense

Implementing AuthZ for a Web App with Casbin

Primary Key IDOR - Python

Insecure Direct Object Reference - Mass Assignment


Copyright AppSecEngineer © 2023