From the course: The OWASP API Security Top 10: An Overview
API2:2019 broken authentication
- [Instructor] Next on the OWASP API Security Top 10 is broken authentication. OWASP describes this vulnerability as follows: "Authentication mechanisms are often implemented incorrectly, allowing attackers to compromise authentication tokens or exploit implementation flaws to temporarily or permanently assume other users' identities. Compromising the system's ability to identify the client or user compromises API security overall." So let's go ahead and break this down. When it comes to applications, authentication is the process of verifying the identity of a user. Broken authentication is what happens when authentication methods are implemented poorly. This can be when applications display sensitive authentication details like auth tokens and passwords in the URL, when the application permits weak passwords and encryption keys, or when authentication tokens like JSON Web Tokens are misconfigured. These misconfigurations can lead to brute force…
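The two failure modes the instructor names, tokens carried in the URL and misconfigured JSON Web Tokens, can be shown side by side in a small stdlib-only Python example. This is an added illustration, not code from the course or from OWASP: `decode_unverified` is the broken pattern (it trusts whatever `alg` and payload the client sent), `verify_token` is a hardened HS256 verifier that pins the algorithm, checks the HMAC in constant time and enforces `exp`, and `token_in_query` flags tokens that arrive as query parameters so they can be rejected and logged. `DEMO_KEY`, `mint_token` and the sample claims are constructed for the demo; the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo key for this example only; a real key comes from a secrets store.
DEMO_KEY = b"constructed-demo-secret-key-do-not-use"

# Parameter names commonly (mis)used to carry credentials in a URL; constructed list.
TOKEN_QUERY_PARAMS = {"token", "access_token", "jwt", "auth", "password"}


class InvalidToken(Exception):
    """Raised by verify_token for any token that must not be trusted."""


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    # JWT strips base64url padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def mint_token(claims: dict, key: bytes, alg: str = "HS256") -> str:
    """Build a compact JWS token. Used here only to construct sample input,
    including a deliberately unsigned 'alg: none' token for the demo."""
    header = {"alg": alg, "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    if alg == "none":
        return signing_input + "."  # empty signature segment
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def decode_unverified(token: str) -> dict:
    """The broken pattern: reads claims without checking alg or signature,
    so any client can forge its own identity and role."""
    _, payload_b64, _ = token.split(".")
    return json.loads(b64url_decode(payload_b64))


def verify_token(token: str, key: bytes, now: Optional[float] = None) -> dict:
    """Hardened verification: fixed algorithm, signature checked before the
    payload is used, and a mandatory, unexpired 'exp' claim."""
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError) as exc:
        raise InvalidToken("undecodable header or signature") from exc
    # Never let the token choose its own algorithm: 'none' and key-confusion
    # attacks both rely on the server honouring an unexpected 'alg'.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise InvalidToken("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):  # constant-time compare
        raise InvalidToken("signature mismatch")
    try:
        claims = json.loads(b64url_decode(payload_b64))
    except (ValueError, UnicodeDecodeError) as exc:
        raise InvalidToken("undecodable payload") from exc
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise InvalidToken("missing or expired exp")
    return claims


def is_valid(token: str, key: bytes, now: Optional[float] = None) -> bool:
    """Boolean wrapper around verify_token for callers that only need a verdict."""
    try:
        verify_token(token, key, now)
        return True
    except InvalidToken:
        return False


def bearer_from_header(headers: dict) -> Optional[str]:
    """Accept a token only from 'Authorization: Bearer <token>'."""
    value = headers.get("Authorization", "")
    scheme, _, token = value.partition(" ")
    return token if scheme == "Bearer" and token else None


def token_in_query(query: dict) -> bool:
    """Detect credentials passed in the URL; such requests should be refused and
    logged, since query strings end up in browser history, proxy and server logs."""
    return any(name.lower() in TOKEN_QUERY_PARAMS for name in query)


if __name__ == "__main__":
    good = mint_token({"sub": "alice", "role": "user", "exp": 2_000_000_000}, DEMO_KEY)
    forged = mint_token({"sub": "alice", "role": "admin", "exp": 2_000_000_000}, b"", alg="none")
    print("unverified decoder trusts forged role:", decode_unverified(forged)["role"])
    print("hardened verifier accepts good token:", is_valid(good, DEMO_KEY))
    print("hardened verifier accepts forged token:", is_valid(forged, DEMO_KEY))
```

The verifier deliberately takes `now` as a parameter so expiry handling can be tested deterministically; in production the default `time.time()` path is used. Pinning `alg` server-side, rather than reading it from the header, is the single change that closes both the `none` case and the HMAC/RSA key-confusion case.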
Contents
- API1:2019 broken object level authorization (3m 17s)
- API2:2019 broken authentication (3m 9s)
- API3:2019 excessive data exposure (3m 24s)
- API4:2019 lack of resources and rate limiting (3m 56s)
- API5:2019 broken function level authorization (3m 30s)
- API6:2019 mass assignment (2m 18s)
- API7:2019 security misconfigurations (2m 49s)
- API8:2019 injection (2m 32s)
- API9:2019 improper assets management (3m 2s)
- API10:2019 insufficient logging and monitoring (2m 41s)