Exploiting Authentication and Access Control Mechanisms with Burp Suite (W65) - Ethical Hacking Course Online

Who is this course for? 

From people that are starting in the offensive security world and want to learn web application security, to those who want to enhance their Burp skills and gain additional knowledge about more up-to-date vulnerabilities. 

Why take it NOW?

In September 2021, OWASP released its latest update of Top 10 Web vulnerabilities, with the number one being Broken Access Control, that involves many topics covered in this course.

Why THIS course? 

It does not matter how applications, protocols or technology evolve, there will always be methods for authenticating and authorizing users. They may change, but knowing the basics and foundations is the key point for learning any future attacks, vulnerabilities and mechanisms.

What tools will you use?

• Docker
• Burp Suite
• Python

What skills will you gain?

• Assess authentication and access control mechanisms.
• Use Burp Suite and its extensions to develop your custom attacks and identify security flaws.
• Recommend to your clients what changes they should make to their applications to be more secure.

What will you learn about? 

• Basic understanding of the HTTP protocol and its HTTPS variant.
• How to enumerate information from web applications based on their authentication mechanism implementation.
• How to bypass authentication-related security measures.
• How to bypass different types of access controls.
• How to protect web applications against these attacks.

DURATION: 3 hours

CPE POINTS: On completion, you get a certificate granting you 3 CPE points. 

SELF-PACED, PRE-RECORDED, START ON JULY 19TH 

Course format: 

• Self-paced
• Pre-recorded
• Accessible even after you finish the course
• No preset deadlines
• Materials are video, labs, and text
• All videos captioned

What will you need?

• Any PC with standard hardware and internet connection

What should you know before you join?

• Basic knowledge about the HTTP protocol and client-server architectures.
• How a proxy works.
• Brief introduction to the HTTP and HTTPS protocols
• Explanation of a proxy
• Browser + Burp setup

• User enumeration
• Identifying differences within responses
• Brute force bypass techniques
• Choosing and creating dictionaries
• Countermeasures 

Exercises:

1. Simple user + password login form vulnerable to enumeration. Objective: Log in!
2. Reset password form vulnerable to enumeration with a slight response difference.
3. Bypass rate limiting with a custom HTTP header. Objective: Log in!

• Principles behind 2FA
• 2FA workflow and common vulnerabilities
• Countermeasures

Exercises:

1. Brute force a 2FA system. Objective: Login as another user.
2. Identify a flaw within the 2FA logic. Objective: Login as another user.

• Endpoint enumeration
• Origin-based access control
• HTTP Parameter tampering
• Insecure deserialization
• Countermeasures

Exercises:

1. Find a readable .htaccess file containing information about a hidden directory. Objective: Access the admin interface!
2. Access a restricted endpoint using an origin-related header. Objective: Access the admin interface!
3. Deserialize your cookie and change it to upgrade into an admin. Objective: Access the admin interface!

• How JSON Web Tokens work and their security principles
• Cracking weak secret keys
• Forging JWTs
• Exploiting implementation flaws

Exercises:

1. Crack an HMAC secret and create a JWT to access an administration portal.
2. Bypass a JWT signature verification by deleting the signature and changing the algorithm. 
3. Key exposure through the optional “kid” claim. 

• Learn how the basic OAuth 2.0 flow works
• Basic overview about grant types
• Learn common vulnerabilities from OAuth 2.0 and how to bypass validations
• Countermeasures
• SAML and OpenID Connect Overview

Exercises:

1. Retrieve the OAuth configuration file.
2. Cross-Site Request Forgery within OAuth 2.0 negotiation.
3. Cross-Site redirection and URL validation bypass.