Course Description
OWASP Top 10 list items 4 and 2 involve applications with broken access controls and broken authentication and session management.
Learning Objectives
OWASP A4 and A2: Broken Applications
- start the course
- explain what Broken Access Control is
- describe how Broken Access Control can be exploited and what kind of access is needed to exploit it
- describe how easy it is to detect Broken Access Control and how common it is
- describe the technical and business impacts of Broken Access Control
- provide examples of Broken Access Control attacks
- guess URLs and parameters to gain access to web pages and data
- explain what Broken Authentication and Session Management is
- describe how Broken Authentication and Session Management can be exploited and what kind of access is needed to exploit it
- describe how easy it is to detect Broken Authentication and Session Management and how common it is
- describe the technical and business impacts of Broken Authentication and Session Management
- provide examples of Broken Authentication and Session Management attacks
- retrieve sensitive data through password reset pages
Practice: Exploiting A4 and A2
- describe what an attacker can access if they exploit A4 or A2