Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Defending TypeScript Applications Against Improper Authentication
Improper Authentication is a broad class of vulnerabilities that results from not implementing authentication controls correctly or not applying authentication controls for functionality where such controls are required. This type of vulnerability allows attackers to gain unauthorized access to the application. The exact impact depends on what application functionality lacks sufficient authentication and ranges from information disclosure to complete control of the application with the potential to execute additional privilege escalation attacks.
This Skill Lab provides a virtual environment that contains a vulnerable application with its complete source code for training developers to identify and remediate Improper Authentication vulnerabilities.
Course Overview
Learning Objectives
In this lab, the learner will receive hands-on experience testing for an Improper Authentication vulnerability and implementing an appropriate mitigation. The typical solution is to implement strong authentication controls for all functionality that requires authentication.
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Competency Areas
Work Roles
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.