As mentioned previously, I’m doing an online training course – Web Application Penetration Testing – from eLearnSecurity.

Module 8 – Authentication

Module 8 covers Authentication, including the most common authentication mechanisms, their weaknesses and the related attacks.

It covers the following:

  • Single-factor Authentication
  • Two-factor Authentication
  • Credentials over unencrypted channels
  • Inadequate Password Policy
  • User Enumeration
  • Default accounts
  • Remember Me feature
  • Password Reset
  • Logout weaknesses
  • Direct page requests
  • Incorrect Redirection