Web Security: User Authentication and Access Control (2019)
1h 26mIntermediate2019-08-19
Authors

Kevin Skoglund
Founder of NovaFabrica
Course details
User authentication plays a central role in almost everything we do online. From apps to hardware and websites, user accounts and logins are everywhere. Authentication is critical for verifying a user's identity online and for confirming permissions so individuals can perform privileged actions. In this course, instructor Kevin Skoglund teaches you how authentication works, how to implement it correctly when building web applications, walks you through some of the most common attacks, and shows you how to protect your site. He also demonstrates how to secure your own passwords and digital identity so you can work securely. This course is ideal for all developers, particularly those who are interested in authentication and security.
Learning objectives
Verifying identity and access privileges
Authentication factors
Multi-factor authentication
Requirements for strong passwords
The dangers of password reuse
Encryption and hashing
Brute force and dictionary attacks
Salting passwords
Handling forgotten passwords
Insecure direct object references
Learning objectives
Verifying identity and access privileges
Authentication factors
Multi-factor authentication
Requirements for strong passwords
The dangers of password reuse
Encryption and hashing
Brute force and dictionary attacks
Salting passwords
Handling forgotten passwords
Insecure direct object references
Skills covered
Application SecurityCybersecurityDeep Dive (X:Y)
Concepts
0. Introduction
- 01 - Best practices for user authentication and access control
1. User Authentication
- 02 - The importance of authentication
- 03 - Authentication factors
- 04 - Credentials
- 05 - Multi-factor authentication
- 06 - Pitfalls of multi-factor authentication
- 07 - Biometric authentication
2. Passwords
- 08 - Encryption and hashing
- 09 - Brute force attacks
- 10 - Speed and throttling
- 11 - Dictionary attacks
- 12 - Salted passwords
- 13 - Strong passwords
3. Manage Passwords
- 14 - Password requirements
- 15 - Password theft and reuse
- 16 - Password managers
- 17 - Handle forgotten passwords
- 18 - Use HTTPS and TLS
4. Access Control
- 19 - Insecure references
- 20 - Regulate access privileges
- 21 - Cookies and sessions
- 22 - Deny lists and geofilters
- 23 - Single sign-on services
- 24 - Deactivate user access
Conclusion
- 25 - Next steps
Related courses
- Web Security: User Authentication and Access Control
- Spring 6: Spring Security
- Learning Amazon Cognito
- AWS Security Best Practices for Developers
- Azure Developer Associate (AZ-204) Cert Prep: Implement Azure Security
- Supabase Essential Training
- Building Customer Identity and Access Management (CIAM) in Your Applications on AWS
- AWS Certified Solutions Architect - Associate (SAA-C02) Cert Prep: 5 Identity and Access Management
Related learn paths
- Cybersecurity Fundamentals
- Become an IT Security Specialist
- Advancing Your Azure Developer Skills: Exploring Complex Application Development
- Prepare for the Azure Developer Associate (AZ-204) Certification
- Ubuntu Linux Professional Certificate
- Get Started with PHP
- Prepare for the AWS Certified Solutions Architect - Associate Exam (SAA-C02)
- Prepare for the Linux Professional Institute LPIC-2 (202-450) Certification Exam