From the course: Learning the OWASP Top 10
Identification and authentication failures
- [Instructor] The seventh item in the 2021 OWASP Top 10 is identification and authentication failures. OWASP says confirmation of the user's identity, authentication, and session management is critical to protect against authentication-related attacks. Basically, a web app should confirm that you are who you say you are. One type of failure is when an actor claims to have a given identity and the software does not prove that the claim is correct. Imagine you show up to the airport and you claim to be the pilot. You're about to fly a plane. What if no one checks your identity to confirm that you have the proper documentation? What if they don't ask for ID at all? In a web application, this could happen during a forgot my password flow. Say I forget the password to one of my hundreds of online accounts and I click the button that says I forgot my password. At this point, a check is supposed to be done, like I have to…
Contents
- Broken access control (4m 37s)
- Cryptographic failures (3m)
- Injection (4m 19s)
- Insecure design (2m 58s)
- Security misconfiguration (3m 6s)
- Vulnerable and outdated components (3m 2s)
- Identification and authentication failures (3m 17s)
- Software and data integrity failures (3m 35s)
- Security logging and monitoring failures (3m 17s)
- Server-side request forgery (SSRF) (1m 43s)