Hello everyone and welcome to the Authentication and Session Management Testing course. Now, before we get started with the course, I always like going over the course, or providing you, the students, with a course overview, so sort of giving an idea as to what we will be covering, the extent to which we will be covering a particular topic, and finally going over some of the prerequisites for the course as well as the learning outcomes. The learning outcomes are the most important, because this is where I lay out what you will know and, more importantly, what you will be able to do by the end of the course. And this is very important because at the end of the course, when we have the course summary video, we will be revisiting the learning outcomes to essentially, you know, firstly provide you with a way of actually seeing what you learned and what you improved on, what you're able to do. So it gives you a way of tracking your progress and allowing you to see exactly what this course gave you in the way of knowledge and skills.

But more importantly, it also ensures, and this is really important for me, but maybe to you as well, it allows me to actually verify that I did cover everything that I laid out or that I wanted to cover in the way that, you know, in the way that it should have been covered. And this obviously aligns with the learning outcomes. So my job during this course is, you know, primarily going to be to ensure that by the end of the course we've hit or we've met all of the learning outcomes, and you guys know what you should know and you know how to perform what you should be able to perform, what I lay out anyway. Sort of a long-winded introduction. Let's get some of the formalities out of the way. Who am I? My name is Alexis Ahmed. I am the offensive security or red team instructor here at INE. I'm also a red team lead at HackerSploit. So again, my experience is on the offensive side of cybersecurity. Now, to kick things off, I always like going over some of the key concepts, giving you an overview of some of the key concepts that we'll be covering during this course. And the first of which is going to be, you know, getting an understanding, a very tacit, practical understanding of modern authentication and session management mechanisms in web applications. Right?

So sort of getting an understanding of, you know, how authentication is implemented in web applications today, as well as session management. And that will tie into, you know, the flaws or the vulnerabilities that exist in these modern systems or modern authentication and session management mechanisms. We'll then move on, logically speaking, or if you were to look at it logically, to, you know, the techniques for assessing and testing authentication mechanisms, as well as, you know, the techniques for assessing and testing session management mechanisms, and also, you know, identifying vulnerabilities. So what that means is you're going to learn how to, you know, test authentication mechanisms, whatever type they are, whether they be, you know, a simple login form. And in the case of session management, you know, we're going to be taking a look at the standard, you know, cookie-based session management or session IDs, token-based, etc. So there's quite a lot of stuff that we're going to be, you know, exploring. And again, all of this is going to be grounded in a modern context. What that means is that this course is quite closely aligned to what you're likely to expect in the real world. So this is, I think, quite important.

And then, of course, we're going to have some advanced topics, which is, I guess, sort of the idea within this course or this learning path. And these topics will revolve around JWTs or JSON Web Tokens, or OAuth. So again, as you can see, quite modern. And, of course, two-factor authentication, how it can be bypassed, etc. So, you know, quite a bit of interesting, really relevant stuff, you know, that we're going to be covering. In terms of the major topics, so this is where I now break down, you know, the topics or the subject matter in an organized way. And I sort of lay out some of the major ones or the major categories or sections of the course and sort of explain what will be covered. So the first major topic is going to be focused around authentication and session management testing, but more specifically, the methodology and the frameworks to use to essentially provide you with a structured, methodological way of performing these tests. And this will all be coupled or paired with, of course, theoretical information or knowledge about specific vulnerabilities, or very specific information about vulnerabilities: how to test for very specific and nuanced vulnerabilities. So quite a bit of stuff there. And I consider that to be a major topic.

We'll then move on to the actual testing phase, where we practically look at how to implement or to perform specific tests, right? So in this case, authentication testing techniques. So how do you properly, rigorously and methodologically test an authentication mechanism on a website or a web application, or even an API endpoint? And then we'll have session management testing techniques. So they'll be all sorted into their own section. So again, the same thing applies: the various techniques, you know, to essentially test session management mechanisms or implementations in web applications. And that, as you know, or you probably know, is, you know, a category, should be in a category of its own. And then we're going to be taking a look at token-based authentication. So when we talk about the, you know, just the general overview side of things or the introductory side of things, you'll be getting an introduction to JWT, so JSON Web Tokens, and OAuth. But more importantly, you'll learn how to test these particular protocols or mechanisms, whether they be, you know, JWTs, OAuth, etc. But you'll also understand why token-based authentication was created as sort of an alternative to the standard forms of authentication.

And yeah, so token-based authentication. And then finally, techniques for bypassing two-factor authentication and OTPs. So there's quite a bit of stuff that we'll be covering in this course. And I'm really, really excited. Hopefully you are too. And that brings us now to the learning outcomes. So again, revisiting what I said earlier on in this video, this is where I lay out what you will know, or the knowledge you will possess, and the skills you will have acquired by the end of this course. So quite important to me, but also probably important to you. So firstly, you'll have an understanding of authentication and session management, but to provide you with more context as to what I mean by understand: what I would expect someone to know by the end of this course, or to be able to do, is to be able to explain the core concepts of authentication, session management, and, more importantly, their role in web application security as a whole. So very, very important. Being able to explain all of this stuff is really, really important because it essentially tells me that I need to explain it to you really well for you to be able to explain it to someone else. Secondly, authentication testing.

So by the end of this course, you should be able to identify authentication flaws or vulnerabilities. And this is the most important thing: apply the appropriate techniques to test for these vulnerabilities. So you need to know how to find vulnerabilities or to spot them, but also how to test for these vulnerabilities. When I say test, I mean exploit them correctly, but testing, I use the word test, and I will use this word throughout the entirety of this course. Testing essentially just refers to when you, as a penetration tester, have found a vulnerability, but in order to verify that that vulnerability indeed can be exploited, you need to test it. Right. And so just think of it as validating the presence of the vulnerability and, more importantly, what successful exploitation of a vulnerability may lead to, which, as you know, is quite important in penetration testing. And then of course, logically speaking, or sequentially speaking, session management testing. So by the end of this course, you should be able to identify and exploit session management flaws, including session fixation, hijacking, cross-site request forgery, and other cookie security vulnerabilities, or, you know, vulnerabilities related to cookie and session security.

So again, very, very simply laid out. And this makes, you know, this will make the whole course quite interesting, because again, I have to ensure that I cover all of these topics and give you the, you know, give you all the knowledge and skills required. And then of course, we have testing token-based authentication. So by the end of this course, you should have an understanding of, and you should be able to test, token-based authentication mechanisms like JWT, JSON Web Tokens, and OAuth for vulnerabilities, including improper signing, token leakage, and of course, misconfigurations. And finally, testing for two-factor authentication or, you know, performing bypassing of two-factor authentication. So by the end of this course, you should be able to identify potential bypass techniques for various two-factor authentication systems or mechanisms, including, I would say, and especially OTP, you know, bypassing OTPs. And of course, there'll be various other techniques that we'll be exploring, replay attacks being the one that I included there in OTP. So your main thing, you may have another question at this point. And that is, what exactly do I need to know before taking this course? Well, I'm glad you asked.

So obviously, given that this is, you know, part of the Advanced Web Application Penetration Testing learning path, I would assume that you have a familiarity with HTTP or HTTPS. So you understand how the protocol works: what HTTP requests look like, what responses look like, the status codes, etc. Secondly, you should have some experience in web application penetration testing. What that means is that if this is the first time you're hearing about CSRF, then again, this particular course will probably be a little bit difficult for you, because in certain cases I assume that you have a fairly decent understanding as to what some vulnerabilities are that, again, were covered in quite a bit of depth in the eWPT certification. But again, that's just at a very basic level. If you've ever done a CTF before, if you have experience, you know, with bug bounty hunting, you should be good to go.

And then of course, this is not something that I, you know, I would say is that important, but a familiarity with the OWASP Top 10 and the Web Security Testing Guide, I think, will be very important, or will make the process a whole lot easier for you, in that you'll sort of grasp, you know, some of the concepts that I'll be discussing really quickly, especially when we talk about tests and the fact that they, you know, are very closely related to the tests in the WSTG. In most cases, a lot of the tests we'll be exploring, and the naming of these tests as well as the test IDs, are directly taken from the WSTG. And if you're not familiar with what the WSTG is, don't worry, I introduce it in this course as well. So again, I would just say that you have a familiarity with the OWASP Top 10, or you at least have heard of it and know what it's all about. I'd also recommend, and this one I would say is quite important, I would also recommend that you have experience in using web proxies like Burp Suite and/or OWASP ZAP. So the bottom line is that you need to be able to understand how to intercept an HTTP request, how to modify it and send it, or how to utilize modules like the Intruder or the Repeater for testing.

So if you know how to use Burp Suite even at a fundamental level, and you know how to modify, you know, request parameters, you should be good to go. So there's not a lot that you need to know. One final one that I would add here, that is not actually mandatory, is that you have, you know, a basic understanding of authentication and session management testing; that will go a long way. I have explained which ones are important and which ones aren't that important. But all of what I've listed out here, you know, will essentially make this course a lot more straightforward for you and will not, you know, take you away onto different tangents, you know, whereby you need to learn about a specific vulnerability in order for you to learn, let's say, an advanced augmentation or an advanced version of the vulnerability in this course. So hopefully that all makes sense to you, and with that being said, that brings us to the end of the course overview video, and, you know, there's nothing else to say but let's get started, and I'll see you in the first section of the course.