Course Overview
In this course, we dive into the technical details behind access control vulnerabilities. We explore methods for finding these vulnerabilities from both black-box and white-box perspectives, along with various techniques for exploiting them. We also go through prevention and mitigation techniques to safeguard against these types of vulnerabilities.
This is not your average course that just teaches you the basics. It's the perfect mix of theory and practice! The course contains 13 hands-on labs of varying difficulty levels that teach you how to first manually exploit the vulnerability and then how to script/automate your exploit in Python.
Requirements:
- Basic knowledge of computers (i.e. how to use the internet).
- Basic knowledge of web fundamentals (HTTP requests, methods, cookies, status codes, etc.).
- Latest version of Kali Linux VM (free download).
- PortSwigger Web Security Academy account to access the labs (free registration).
- Basic knowledge of Python scripting.
COURSE CURRICULUM - 6 HOURS
- Lab #1 Unprotected admin functionality (15:06)
- Lab #2 Unprotected admin functionality with unpredictable URL (22:56)
- Lab #3 User role controlled by request parameter (23:42)
- Lab #4 User role can be modified in user profile (21:39)
- Lab #5 URL-based access control can be circumvented (15:23)
- Lab #6 Method-based access control can be circumvented (17:23)
- Lab #7 User ID controlled by request parameter (21:24)
- Lab #8 User ID controlled by request parameter, with unpredictable user IDs (29:18)
- Lab #9 User ID controlled by request parameter with data leakage in redirect (21:36)
- Lab #10 User ID controlled by request parameter with password disclosure (27:13)
- Lab #11 Insecure direct object references (22:44)
- Lab #12 Multi-step process with no access control on one step (16:25)
- Lab #13 Referer-based access control (14:15)
This course is included in the All-Access Membership plan, starting at $29.99/month.
Gain full access to this course as well as our entire course catalog by enrolling in the All-Access Membership plan.
Frequently Asked Questions (FAQ)
What is the refund policy?
All students are entitled to a 3-day refund from the date of purchase of the All-Access Membership. Please follow the instructions outlined in this link to submit a refund request.
Will I receive a certificate of completion after I finish the course?
Yes, we currently provide a certificate of completion. However, the course is designed to help students prepare for PortSwigger's Burp Suite Certified Practitioner certification. Therefore, students are encouraged to enroll in the certification if they feel they are ready.
Does the course include subtitles?
Yes, all of the lessons in this course feature auto-generated English, Arabic, Spanish, Portuguese, Hindi & French subtitles. We are currently in the process of having these subtitles reviewed by human experts to ensure their accuracy.
Is the course eligible for Continuing Professional Education (CPE) credits?
Yes, each certificate of completion specifies the total CPE credits earned.