From the course: CertNexus Certified IoT Security Practitioner Cert Prep by InfoSec
Join today to access over 25,500 courses taught by industry experts.
Implement secure authorization
From the course: CertNexus Certified IoT Security Practitioner Cert Prep by InfoSec
Implement secure authorization
- In this module, we're going to take a look at secure authorization, implementing secure authorization. Once attackers have gained a network access to a host, such as a client computer or server web application and so forth, the next step they will perform is to gain the right to perform tasks on the host. Secure authorization features should prevent an attacker from doing this. As an intruder, an attacker should have no rights to the system, but flaws in the system may sometimes enable an attacker to elevate their privileges, acquiring the ability to perform tasks through illegitimate channels that they haven't been authorized to perform. To accomplish this goal, attackers will use strategies such as using someone else's account, authenticating as another user to gain access to privileges assigned to that user's account, or granting their own account higher privileges, changing the administrative configuration of the application or service to assign additional rights to their own…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.