SkillSoft Explore Course

Hardening user and device authentication can go a long way in securing web applications. In this course, you'll start by learning the difference between authentication and authorization, where authorization follows successful authentication. You'll also learn how authentication and authorization are related to web application security. Next, you'll explore how to hash and encrypt user credentials and harden user accounts through Microsoft Group Policy. You'll then examine how to use freely available tools to crack user credentials in various ways, such as using the John the Ripper tool to crack Linux passwords and the Hydra tool to crack RDP passwords. Lastly, you'll learn how to enable user multi-factor authentication and conditional access policies, as well as how to mitigate weak authentication.

Objectives

OWASP Top 10: A2 - Broken Authentication

  • discover the key concepts covered in this course
  • differentiate between authentication and authorization
  • recognize how weak authentication configurations can lead to system compromise
  • hash user credentials
  • encrypt user credentials
  • use Wireshark to view plain text credential transmissions
  • harden user authentication settings using Microsoft Group Policy
  • use the Hydra tool to crack web form user passwords
  • use Burp Suite to crack web form user passwords
  • crack RDP passwords using Hydra
  • use John the Ripper to crack Linux passwords
  • use the Social Engineering Toolkit (SET) to steal user credentials
  • enable multi-factor authentication for a Microsoft Azure cloud user account
  • configure a conditional access policy in Microsoft Azure
  • recognize how to mitigate broken authentication attacks
  • summarize the key concepts covered in this course