OWASP Top 10: A2 – Broken Authentication

Hardening user and device authentication can go a long way in securing web applications. In this course youll start by learning the difference between authentication and authorization where authorization follows successful authentication. Youll also learn how authentication and authorization are related to web application security. Next youll explore how to hash and encrypt user credentials and harden user accounts through Microsoft Group Policy. Youll then examine how to use freely available tools to crack user credentials in various ways such as using the John the Ripper tool to pass Linux passwords and the Hydra tool to crack RDP passwords. Lastly youll learn how to enable user multi-factor authentication and conditional access policies as well as how to mitigate weak authentication.