Python Web Penetration Testing #5. Programming World!

Section 5: Password Testing

Python


5.1 How Password Attacks Work?

The most important security control in a web application is authentication. Let's learn about password testing and the different approaches to it.
Explain how password cracking/testing works
Learn the different password testing approaches
Understand password policies and account locking.

Link:
Watch Video


5.2 Our First Password Brute Forcer

We want to create a brute forcer for Basic authentication in order to detect the valid passwords for a given user.
Learn what basic authentication is
Create our first password brute forcer
Test the new script against our test web application.

Link:
Watch Video


5.3 Adding Support for Digest Authentication

Some applications use an authentication method called Digest authentication, which is stronger and more secure than Basic authentication. We want to add support for this method to our script.
First, learn about Digest authentication
Then, modify our script to support this method.
Finally, test the resulting script.

Link:
Watch Video


5.4 Form-based Authentication

You learned how to test Basic and Digest authentication, but most web applications use form-based authentication, which is the familiar login form. In this video, you will learn how we can brute force these forms.
Understand form authentication
Modify a previous script to add the form authentication feature
Run the script and then fine-tune it.

Link:
Watch Video

