DURATION: 3 hours

CPE POINTS: On completion, you get a certificate granting you 3 CPE points. 

SELF-PACED, PRE-RECORDED, START ON JULY 19TH 

Authentication and access control are key concepts for protecting web applications and their resources. As an ethical hacker, you must know which mechanisms are used to authenticate and authorize clients, how to use them to gain information about the application and its users, and how to bypass them. In this course you learn not only how modern systems work and which common vulnerabilities can be found in the wild, but also how to use Burp Suite and some of its extensions to enhance your workflow during assessments.

Who is this course for? 

From people who are starting out in the offensive security world and want to learn web application security, to those who want to enhance their Burp skills and gain additional knowledge about more up-to-date vulnerabilities.

Why take it NOW?

In September 2021, OWASP released the latest update of its Top 10 web vulnerabilities, with Broken Access Control at number one; it involves many of the topics covered in this course.

Why THIS course? 

It does not matter how applications, protocols or technologies evolve: there will always be methods for authenticating and authorizing users. They may change, but knowing the basics and foundations is the key to learning any future attacks, vulnerabilities and mechanisms.


Course benefits:

What tools will you use?

  • Docker
  • Burp Suite
  • Python

What skills will you gain?

  • Assess authentication and access control mechanisms.
  • Use Burp Suite and its extensions to develop your custom attacks and identify security flaws.
  • Recommend to your clients what changes they should make to their applications to be more secure.

What will you learn about? 

  • Basic understanding of the HTTP protocol and its HTTPS variant.
  • How to enumerate information from web applications based on their authentication mechanism implementation.
  • How to bypass authentication-related security measures.
  • How to bypass different types of access controls.
  • How to protect web applications against these attacks.

Course general information: 

Course format: 

  • Self-paced
  • Pre-recorded
  • Accessible even after you finish the course
  • No preset deadlines
  • Materials are video, labs, and text
  • All videos captioned

What will you need?

  • Any PC with standard hardware and internet connection

What should you know before you join?

  • Basic knowledge about the HTTP protocol and client-server architectures.
  • How a proxy works.
  • Brief introduction to the HTTP and HTTPS protocols
  • Explanation of a proxy
  • Browser + Burp setup

YOUR INSTRUCTOR: Christian Barral Lopez 

Christian Barral Lopez is a senior IT security analyst specialized in web and API security, as well as a Burp Suite Certified Practitioner. He leads an application security team and, among other tasks, he is in charge of performing and supervising vulnerability scans and penetration tests on a wide variety of digital assets, as well as helping in the mitigation process for every reported finding.


COURSE SYLLABUS


Module 1

User Enumeration

Take advantage of messages produced by the server, API endpoints and slight response variations to enumerate valid users from the website. Additionally, learn how to bypass blocking mechanisms against brute force attacks and create custom wordlists.

Workload: 25-30 mins video + 15-20 mins exercises

  • User enumeration
  • Identifying differences within responses
  • Brute force bypass techniques
  • Choosing and creating dictionaries
  • Countermeasures 

Exercises:

  1. Simple user + password login form vulnerable to enumeration. Objective: Log in!
  2. Reset password form vulnerable to enumeration with a slight response difference.
  3. Bypass rate limiting with a custom HTTP header. Objective: Log in!
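The two countermeasures this module ends on, as an added example that is not part of the course material: a login handler whose failure response is identical for an unknown user and a wrong password (status, body and hashing work), beside the leaky version it replaces, plus a rate limiter keyed on the account rather than on a client-supplied header. The user table, salt and password are constructed for the example; the SHA-256 digest stands in for a real password hash such as argon2 or bcrypt.

```python
import hashlib
import hmac
import time
from collections import defaultdict

# Constructed user table for the example: username -> (salt, digest). A real application
# would use a password hash such as argon2 or bcrypt; the point here is the response shape.
_SALT = b"constructed-salt"


def _digest(salt: bytes, password: str) -> bytes:
    return hashlib.sha256(salt + password.encode()).digest()


USERS = {"alice": (_SALT, _digest(_SALT, "correct horse battery staple"))}
# Dummy credential so an unknown username costs the same hashing work as a known one.
_DUMMY = (_SALT, _digest(_SALT, "dummy-password"))

UNIFORM_FAILURE = (401, "Invalid username or password")


def login_leaky(username: str, password: str) -> tuple:
    """The pattern this module enumerates: the server tells the two failure cases apart."""
    if username not in USERS:
        return 404, "Unknown user"
    salt, digest = USERS[username]
    if _digest(salt, password) != digest:
        return 401, "Wrong password"
    return 200, "Welcome"


def login_uniform(username: str, password: str) -> tuple:
    """Countermeasure: same status, same body and same amount of work for both failures."""
    salt, digest = USERS.get(username, _DUMMY)
    password_ok = hmac.compare_digest(_digest(salt, password), digest)
    if not (password_ok and username in USERS):
        return UNIFORM_FAILURE
    return 200, "Welcome"


class AccountRateLimiter:
    """Throttles attempts per account inside a sliding window. The key is the username
    (optionally combined with the peer address read from the socket), never a value the
    client can set in a request header, which is what exercise 3's bypass relies on."""

    def __init__(self, limit: int = 5, window_seconds: int = 300):
        self.limit = limit
        self.window = window_seconds
        self._attempts = defaultdict(list)

    def allow(self, username: str, now: float = None) -> bool:
        now = time.time() if now is None else now
        recent = [t for t in self._attempts[username] if now - t < self.window]
        self._attempts[username] = recent
        if len(recent) >= self.limit:
            return False
        recent.append(now)
        return True


if __name__ == "__main__":
    print(login_leaky("bob", "x"), login_leaky("alice", "x"))      # differ, so enumerable
    print(login_uniform("bob", "x"), login_uniform("alice", "x"))  # identical
```

Keying the limiter on the account means an attacker rotating IP addresses or forged headers still runs into the same counter; the trade-off is that a flood of bad attempts can temporarily lock a legitimate user out, which is why production systems usually combine per-account throttling with a CAPTCHA or a per-peer limit taken from the connection itself.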

Module 2

2FA (Two-Factor Authentication)

To enhance the user's security, many web applications implement Two-Factor Authentication (2FA), a second check before signing a user in. Due to bad programming practices, these mechanisms are sometimes not secure enough, which could allow an attacker to bypass them.

Workload: 20 min video + 10-15 min exercises

  • Principles behind 2FA
  • 2FA workflow and common vulnerabilities
  • Countermeasures

Exercises:

  1. Brute force a 2FA system. Objective: Log in as another user.
  2. Identify a flaw within the 2FA logic. Objective: Log in as another user.
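A two-step login that addresses both exercises, as an added example that is not the course's own code: the second step takes the account from server-side session state bound during the password step, rather than from the request (the logic flaw exercise 2 targets), and it counts attempts so the code cannot be brute-forced (exercise 1). The user passwords and one-time codes are constructed for the example; how the codes are generated (TOTP, SMS) is not the point here.

```python
import hmac

# Constructed credentials and the one-time code currently pending for each user.
USERS = {"alice": "alice-pass", "bob": "bob-pass"}
PENDING_CODES = {"alice": "482913", "bob": "117204"}
MAX_2FA_ATTEMPTS = 3


def password_step(session: dict, username: str, password: str) -> bool:
    """Step 1: on success, record WHO passed in server-side session state."""
    expected = USERS.get(username)
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return False
    session["pending_user"] = username   # bound server-side, never taken from the client again
    session["2fa_attempts"] = 0
    return True


def second_factor_step_weak(session: dict, username: str, code: str):
    """The flaw of exercise 2: the account is read from the request body, so whoever
    passed step 1 for their own account may submit a code for any other account.
    Returns the user logged in, or None."""
    if "pending_user" not in session:
        return None
    if PENDING_CODES.get(username) == code:   # also no attempt limit (exercise 1)
        session["user"] = username
        return username
    return None


def second_factor_step(session: dict, code: str) -> bool:
    """Hardened: the account comes from the session bound in step 1, attempts are counted,
    and the pending login is discarded once they run out."""
    username = session.get("pending_user")
    if username is None:
        return False
    if session["2fa_attempts"] >= MAX_2FA_ATTEMPTS:
        session.pop("pending_user", None)   # force a fresh password step
        return False
    session["2fa_attempts"] += 1
    if not hmac.compare_digest(PENDING_CODES[username].encode(), code.encode()):
        return False
    session.pop("pending_user")
    session.pop("2fa_attempts")
    session["user"] = username
    return True
```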

Module 3

Vertical Escalation & RBAC

Many web applications use Role-Based Access Control (RBAC), where normal users are not allowed to execute actions reserved for administrators. In this section, you will learn how to exploit different features to gain a privileged role or perform some actions as if you were an admin.

Workload: 30 mins video + 20-25 min exercises

  • Endpoint enumeration
  • Origin-based access control
  • HTTP Parameter tampering
  • Insecure deserialization
  • Countermeasures

Exercises:

  1. Find a readable .htaccess file containing information about a hidden directory. Objective: Access the admin interface!
  2. Access a restricted endpoint using an origin-related header. Objective: Access the admin interface!
  3. Deserialize your cookie and change it to upgrade into an admin. Objective: Access the admin interface!
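The access-control decision behind exercises 2 and 3, as an added example that is not part of the course: the weak handler trusts an origin-related request header and reads the role back out of a cookie the client serialised, while the hardened handler identifies the session by an opaque id and looks the role up server-side, where the client cannot change it. The session store, cookie names and the `X-Forwarded-For` check are constructed for the illustration; a real application may key its origin check on a different header, which changes nothing about the weakness.

```python
import json

# Constructed server-side session store: the role is assigned at login and lives only
# here, so nothing the client sends can alter it.
SESSIONS = {
    "sess-alice": {"user": "alice", "role": "user"},
    "sess-root": {"user": "root", "role": "admin"},
}


def is_admin_weak(headers: dict, cookies: dict) -> bool:
    """The two patterns this module exploits, kept for contrast.

    1. Origin-based control: the decision keys on a header the client can write itself.
    2. Client-side role: the role is deserialised from a cookie the client controls
       (JSON here; a pickled or base64 blob is the same mistake with worse consequences).
    """
    if headers.get("X-Forwarded-For") == "127.0.0.1":
        return True
    try:
        profile = json.loads(cookies.get("profile", "{}"))
    except ValueError:
        return False
    return isinstance(profile, dict) and profile.get("role") == "admin"


def is_admin(cookies: dict) -> bool:
    """Hardened: the cookie carries only an opaque session id; the role is looked up
    server-side and request headers play no part in the decision."""
    session = SESSIONS.get(cookies.get("sid"))
    return session is not None and session["role"] == "admin"


def admin_endpoint(headers: dict, cookies: dict, hardened: bool = True) -> tuple:
    """Simulated handler for an admin-only endpoint; returns (status, body)."""
    allowed = is_admin(cookies) if hardened else is_admin_weak(headers, cookies)
    return (200, "admin interface") if allowed else (403, "forbidden")
```

If role information must travel in a cookie (stateless deployments), the same rule applies in a different form: the server signs the serialised value and verifies the signature before deserialising, so an edited role fails verification instead of being trusted.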

Module 4

JWT Authentication

Modern applications, such as Single Page Applications, use token-based authentication with JSON Web Tokens (JWT); other widespread protocols like OpenID Connect also use this type of token. Developers often write their own implementation for parsing and managing these JWTs, or use weak secret keys, which makes applications vulnerable to a variety of attacks.

Workload: 20-25 mins video + 15-20 min exercises

  • How JSON Web Tokens work and their security principles
  • Cracking weak secret keys
  • Forging JWTs
  • Exploiting implementation flaws

Exercises:

  1. Crack an HMAC secret and create a JWT to access an administration portal.
  2. Bypass a JWT signature verification by deleting the signature and changing the algorithm. 
  3. Key exposure through the optional “kid” claim. 
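An HS256 verifier that closes the three holes the exercises target, as an added example written for this page rather than code from the course: the algorithm is pinned server-side so a token cannot switch to `none` (exercise 2), the `kid` header is only ever a lookup into a fixed key map and never a path or query (exercise 3), and secrets shorter than 256 bits are refused outright (exercise 1). The key map, key ids and token contents are constructed for the example; `reject_reason` returns `None` for an acceptable token and a short reason string otherwise, so the decision can be logged.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed key map: every kid resolves to an in-memory key. The kid is used only as
# a dictionary key, never interpolated into a file path or database query.
KEYS = {
    "2024-01": secrets.token_bytes(32),  # 256-bit random secret for HS256
    "legacy": b"secret",                 # deliberately short, to show it being refused
}
ALLOWED_ALGS = {"HS256"}   # pinned by the server; the token does not get to choose
MIN_SECRET_BYTES = 32      # HS256 secrets below this size are crackable offline


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _compact(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def mint(payload: dict, kid: str) -> str:
    """Issue an HS256 token signed with the key registered under kid."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = f"{_compact(header)}.{_compact(payload)}"
    sig = hmac.new(KEYS[kid], signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def reject_reason(token: str, now: float = None):
    """Return None if the token is acceptable, otherwise a short reason string."""
    parts = token.split(".")
    if len(parts) != 3:
        return "malformed"
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        payload = json.loads(b64url_decode(payload_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:                      # covers binascii.Error and bad JSON/UTF-8
        return "malformed"
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return "malformed"
    # Algorithm is decided by the server, so 'none' and any unexpected alg are rejected
    # before a single byte of the signature is examined.
    if header.get("alg") not in ALLOWED_ALGS:
        return "alg not allowed"
    kid = header.get("kid")
    if not isinstance(kid, str) or kid not in KEYS:
        return "unknown kid"
    key = KEYS[kid]
    if len(key) < MIN_SECRET_BYTES:
        return "secret too short"
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return "bad signature"
    now = time.time() if now is None else now
    exp = payload.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return "expired"
    return None
```

The order of the checks matters: the algorithm and key are settled from server-side configuration before the signature is compared, so no field of the untrusted token can steer the verifier toward a weaker check. In production the same structure is what a maintained JWT library gives you when you pass an explicit `algorithms` allowlist; this block exists to show why that parameter is not optional.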

Module 5

OAuth 2.0

Many web applications support OAuth nowadays, and although it has a secure design, part of that security relies on the developers who implement the OAuth mechanism. There are powerful OAuth 2.0 attacks that can be used to steal tokens from other users of the application or to associate their account information with your own.

Workload: 30-35 mins video + 20 min exercises

  • Learn how the basic OAuth 2.0 flow works
  • Basic overview about grant types
  • Learn common vulnerabilities from OAuth 2.0 and how to bypass validations
  • Countermeasures
  • SAML and OpenID Connect Overview

Exercises:

  1. Retrieve the OAuth configuration file.
  2. Cross-Site Request Forgery within OAuth 2.0 negotiation.
  3. Cross-Site redirection and URL validation bypass. 
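The two validations behind exercises 2 and 3, as an added example that is not part of the course: on the authorization-server side, exact matching of `redirect_uri` against the registered set (what RFC 6749 section 3.1.2.2 requires) beside the prefix check it replaces; on the client side, a per-session `state` value that is generated fresh, compared in constant time and consumed on first use, which is the standard defence against CSRF in the authorization-code exchange. The client registry, URLs and client id are constructed for the example.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit

# Constructed authorization-server registry: redirect URIs are registered in full.
CLIENTS = {"client-123": {"redirect_uris": {"https://app.example/callback"}}}
AUTHORIZE_URL = "https://auth.example/authorize"


def redirect_uri_allowed_weak(client_id: str, redirect_uri: str) -> bool:
    """Prefix check, the kind of validation exercise 3 bypasses: matching on the
    registered origin also accepts look-alike hosts and arbitrary path suffixes."""
    for registered in CLIENTS[client_id]["redirect_uris"]:
        parts = urlsplit(registered)
        if redirect_uri.startswith(f"{parts.scheme}://{parts.netloc}"):
            return True
    return False


def redirect_uri_allowed(client_id: str, redirect_uri: str) -> bool:
    """Exact string comparison against the registered set (RFC 6749 section 3.1.2.2)."""
    return redirect_uri in CLIENTS[client_id]["redirect_uris"]


class OAuthClient:
    """Relying-party side of the authorization-code flow, showing only the state handling."""

    def __init__(self, client_id: str, redirect_uri: str):
        self.client_id = client_id
        self.redirect_uri = redirect_uri

    def start_authorization(self, session: dict) -> str:
        # Fresh, unguessable state bound to this browser session (exercise 2 countermeasure).
        state = secrets.token_urlsafe(32)
        session["oauth_state"] = state
        query = urlencode({
            "response_type": "code",
            "client_id": self.client_id,
            "redirect_uri": self.redirect_uri,
            "scope": "profile",
            "state": state,
        })
        return f"{AUTHORIZE_URL}?{query}"

    def handle_callback(self, session: dict, params: dict):
        """Return the authorization code if the callback belongs to this session, else None."""
        expected = session.pop("oauth_state", None)   # single use: consumed even on failure
        received = params.get("state", "")
        if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
            return None
        return params.get("code")
```

With exact matching, a client that needs several callback URLs registers each one in full; the temptation to loosen the check to a prefix is exactly what turns an open redirect or a look-alike host into a token leak.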

Final exam: 

MCQ test covering all the material in this course.


QUESTIONS? 

If you have any questions, please contact our eLearning Manager at [email protected].


Course Reviews

4.5 out of 5 (4 ratings)

  • 5 stars: 2
  • 4 stars: 2
  • 3 stars: 0
  • 2 stars: 0
  • 1 star: 0

  1. Interesting course, pity that the teacher does not respond to emails.

    4

    The course is interesting and I found it very useful as a first approach to Burp Suite. I have not been able to complete some exercises, I don’t know if due to my inability or errors in the exercises themselves. I tried to write to the teacher but got no reply. I want to thank Agata Staszelis for being very kind and available to help me in my difficulties.

  2. Assignments are fun to solve

    5

    I really enjoyed the course, especially the assignments. I was new to Burp but it is easy to handle thanks to all the instructions in the course.

  3. 4

    Good course giving information about the current authentication and authorization protocols and techniques.
    The assignments give a practical view and insight into the technical workings and ways to bypass authentication and authorization. The personal feedback of the instructor on the assignments is an additional positive feedback on the course.

  4. great course

    5

    Thank you Christian for this amazing course!
    I was new to Burp Suite and had a lot of fun capturing the flags during the exercises.
    The videos are very well done and the explanations are very clear and useful.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023