• Online, Self-Paced
Course Description

OWASP Top 10 list items A4 and A2 cover applications with broken access control (A4) and broken authentication and session management (A2), respectively.

Learning Objectives

OWASP A4 and A2: Broken Applications

  • start the course
  • explain what Broken Access Control is
  • describe how Broken Access Control can be exploited and what kind of access an attacker needs to exploit it
  • describe how easy Broken Access Control is to detect and how common it is
  • describe the technical and business impacts of Broken Access Control
  • provide examples of Broken Access Control attacks
  • guess URLs and parameters to gain access to web pages and data
  • explain what Broken Authentication and Session Management is
  • describe how Broken Authentication and Session Management can be exploited and what kind of access an attacker needs to exploit it
  • describe how easy Broken Authentication and Session Management is to detect and how common it is
  • describe the technical and business impacts of Broken Authentication and Session Management
  • provide examples of Broken Authentication and Session Management attacks
  • retrieve sensitive data through password reset pages
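As an added illustration of the URL/parameter-guessing objective above (example code written for this page, not part of the course material): a record lookup that trusts the ID in the request, the same lookup with an ownership check, and the attacker loop that walks a sequential ID range to see what each version hands back. The invoice data, the handler names and the ownership rule are all constructed for the example.

```python
"""Insecure direct object reference (IDOR) beside its fix.
Added example; the data and handlers below are constructed, not course code."""
from dataclasses import dataclass
from typing import Callable, List


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner: str
    amount: float


# Constructed sample data: sequential IDs, records owned by three users.
INVOICES = {
    1001: Invoice(1001, "alice", 120.00),
    1002: Invoice(1002, "bob", 89.50),
    1003: Invoice(1003, "alice", 42.10),
    1004: Invoice(1004, "carol", 500.00),
}


class NotFound(Exception):
    """Stands in for an HTTP 404 from the endpoint."""


def get_invoice_vulnerable(session_user: str, invoice_id: int) -> Invoice:
    """Fetches whatever ID the URL names. The session user is authenticated
    but never compared against the record's owner, so any logged-in user can
    read any invoice just by changing the number in the URL."""
    try:
        return INVOICES[invoice_id]
    except KeyError:
        raise NotFound(invoice_id)


def get_invoice_fixed(session_user: str, invoice_id: int) -> Invoice:
    """Same lookup, but the record is returned only when the caller owns it.
    A foreign record gets the same 'not found' as a missing one, so the
    response does not even confirm which IDs exist."""
    inv = INVOICES.get(invoice_id)
    if inv is None or inv.owner != session_user:
        raise NotFound(invoice_id)
    return inv


Handler = Callable[[str, int], Invoice]


def enumerate_ids(handler: Handler, session_user: str,
                  start: int, stop: int) -> List[Invoice]:
    """Attacker loop: try every ID in a contiguous range (cheap because the
    IDs are sequential) and keep each invoice the endpoint returns."""
    leaked = []
    for invoice_id in range(start, stop):
        try:
            leaked.append(handler(session_user, invoice_id))
        except NotFound:
            continue
    return leaked


def leaked_foreign_records(handler: Handler, session_user: str,
                           start: int, stop: int) -> List[Invoice]:
    """Invoices the attacker obtained that belong to someone else."""
    return [inv for inv in enumerate_ids(handler, session_user, start, stop)
            if inv.owner != session_user]


if __name__ == "__main__":
    # bob holds a valid session and guesses IDs 1000..1009 against each version.
    for name, handler in (("vulnerable", get_invoice_vulnerable),
                          ("fixed", get_invoice_fixed)):
        foreign = leaked_foreign_records(handler, "bob", 1000, 1010)
        print(f"{name}: bob reads {len(foreign)} invoice(s) owned by other users")
```

The ownership check is deliberately done on the server with the identity taken from the session, not from a request parameter; a `user=` field in the URL would be just one more value for the attacker to guess. Returning the same "not found" for foreign and nonexistent records also removes the existence oracle that a 403 would give.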

Practice: Exploiting A4 and A2

  • describe what an attacker can access if they exploit A4 or A2

Framework Connections

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.