From the course: A Bug Bounty Toolkit for Security Researchers
Join today to access over 25,500 courses taught by industry experts.
Authentication and authorization issues
From the course: A Bug Bounty Toolkit for Security Researchers
Authentication and authorization issues
- [Instructor] Authentication and authorization issues can lead to serious security breaches if not properly managed. Authentication bypass. This occurs when an attacker gains unauthorized access to a system by circumventing the login process. For example, unauthorized access can be gained by using non-default credentials or hard-coded passwords or by simply brute-forcing the credentials. As a security engineer, test login pages and authentication mechanisms for weaknesses like SQL injection, poorly implemented auth tokens, API keys, or session IDs. Now let's look at some authorization issues. The first is privilege escalation. Privilege escalation involves exploiting a flaw that allows an attacker to gain elevated privileges beyond what they are authorized to have. For instance, a low-privileged regular user might find a way to access admin functions or admin pages. Look for misconfiguration, permission settings, and direct access to certain URLs that could enable such escalations…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.