Both authentication and access control are key concepts for protecting web applications and their resources. As an ethical hacker, knowing which mechanisms are used to authenticate and authorize clients, and how to use them to gain information about the application, its users, and how to bypass them is a must. In this course, you learn not only how modern systems work and what common vulnerabilities can be found in the wild, but also how to use Burp Suite and some of its extensions to enhance your workflow during your assessments.
Who is this course for?
From people that are starting in the offensive security world and want to learn web application security, to those who want to enhance their Burp skills and gain additional knowledge about more up-to-date vulnerabilities.
Why take it NOW?
In September 2021, OWASP released its latest update of Top 10 Web vulnerabilities, with the number one being Broken Access Control, that involves many topics covered in this course.
Why THIS course?
It does not matter how applications, protocols or technology evolve, there will always be methods for authenticating and authorizing users. They may change, but knowing the basics and foundations is the key point for learning any future attacks, vulnerabilities and mechanisms.
What tools will you use?
- Burp Suite
What skills will you gain?
- Assess authentication and access control mechanisms.
- Use Burp Suite and its extensions to develop your custom attacks and identify security flaws.
- Recommend to your clients what changes they should make to their applications to be more secure.
What will you learn about?
- Basic understanding of the HTTP protocol and its HTTPS variant.
- How to enumerate information from web applications based on their authentication mechanism implementation.
- How to bypass authentication-related security measures.
- How to bypass different types of access controls.
- How to protect web applications against these attacks.
Course general information:
DURATION: 3 hours
CPE POINTS: On completion, you get a certificate granting you 3 CPE points.
SELF-PACED, PRE-RECORDED, START ON JULY 19TH
- Accessible even after you finish the course
- No preset deadlines
- Materials are video, labs, and text
- All videos captioned
What will you need?
- Any PC with standard hardware and internet connection
What should you know before you join?
- Basic knowledge about the HTTP protocol and client-server architectures.
- How a proxy works.
- Brief introduction to the HTTP and HTTPS protocols
- Explanation of a proxy
- Browser + Burp setup
YOUR INSTRUCTOR: Christian Barral Lopez
Christian Barral Lopez is a senior IT security analyst specialized in Web and API security, as well as a Burp Suite Certified Practitioner. He leads an application security team and, among other tasks, he is in charge of performing and supervising vulnerability scans and penetration tests to a wide variety of digital assets, as well as helping in the mitigation process for every reported finding."
Take advantage of messages produced by the server, API endpoints and slight response variations to enumerate valid users from the website. Additionally, learn how to bypass blocking mechanisms against brute force attacks and create custom wordlists.
Workload: 25-30 mins video + 15-20 mins exercises
- User enumeration
- Identifying differences within responses
- Brute force bypass techniques
- Choosing and creating dictionaries
- Simple user + password login form vulnerable to enumeration. Objective: Log in!
- Reset password form vulnerable to enumeration with a slight response difference.
- Bypass rate limiting with a custom HTTP header. Objective: Log in!
2FA (Two-Factor Authentication)
In order to enhance the user’s security, many web applications implement the Two-Factor Authentication, which is used as a double check before signing a user in. These methods are sometimes not secure enough due to bad programming practices, which could allow an attacker to bypass them.
Workload: 20 min video + 10-15 min exercises
- Principles behind 2FA
- 2FA workflow and common vulnerabilities
- Brute force a 2FA system. Objective: Login as another user.
- Identify a flaw within the 2FA logic. Objective: Login as another user.
Vertical Escalation & RBAC
Many web applications have a Role-Based Access Control (RBAC), where normal users are not allowed to execute actions that are supposed to be executed by administrators. In this section, you will learn how to exploit different features to gain a privileged role or perform some actions as if you were an admin.
Workload: 30 mins video + 20-25 min exercises
- Endpoint enumeration
- Origin-based access control
- HTTP Parameter tampering
- Insecure deserialization
- Find a readable .htaccess file containing information about a hidden directory. Objective: Access the admin interface!
- Access a restricted endpoint using an origin-related header. Objective: Access the admin interface!
- Deserialize your cookie and change it to upgrade into an admin. Objective: Access the admin interface!
Modern applications, like Single Page Applications, use token-based authentication with JSON Web Tokens (JWT). Even other widespread protocols like OpenID Connect use this type of tokens. Developers in many cases tend to use their own implementation for parsing and managing these JWTs, as well as weak secret keys, which make applications vulnerable to a variety of attacks.
Workload: 20-25 mins video + 15-20 min exercises
- How JSON Web Tokens work and their security principles
- Cracking weak secret keys
- Forging JWTs
- Exploiting implementation flaws
- Crack an HMAC secret and create a JWT to access an administration portal.
- Bypass a JWT signature verification by deleting the signature and changing the algorithm.
- Key exposure through the optional “kid” claim.
Many web applications support OAuth nowadays, and although it has a secure design, some of this security relies on the developers that implement the OAuth mechanism. There are powerful OAuth 2.0 attacks that could be used to steal tokens from other users in the application or associate their account information with your own.
Workload: 30-35 mins video + 20 min exercises
- Learn how the basic OAuth 2.0 flow works
- Basic overview about grant types
- Learn common vulnerabilities from OAuth 2.0 and how to bypass validations
- SAML and OpenID Connect Overview
- Retrieve the OAuth configuration file.
- Cross-Site Request Forgery within OAuth 2.0 negotiation.
- Cross-Site redirection and URL validation bypass.
MCQ Test: All the material overviewed in this course.
If you have any questions, please contact our eLearning Manager at [email protected].