OWASP Top 10: A07:2021-Identification & Authentication Failures

Hardening user and device authentication can go a long way in securing web applications. In this course learn the difference between authentication and authorization and how they relate to web application security. Next explore how to hash and encrypt user credentials and harden user accounts through Microsoft Group Policy and practice using freely available tools to crack user credentials in various ways including the Hydra tool Burp Suite and John the Ripper. Finally learn how to enable user multi-factor authentication and conditional access policies as well as how to mitigate weak authentication. Upon completion youll be able to recognize how to discover and mitigate authentication vulnerabilities using various tools.