Intermediate

Secure Authentication Implementation: DevSecOps Champion

secure · authentication · devsecops · champion · cybersecurity · fundamentals · networking · systems · security.

Almost any website, API, and even desktop software requires authentication. If authentication isn't implemented securely, it can grant attackers full access to other people's accounts. This module examines authentication as a core discipline for a developer security champion: what authentication actually means, the flows that make it up, the factors used to prove identity, how modern protocols like OpenID Connect and OAuth2 fit together, and how attackers exploit weak authentication implementations through techniques such as credential stuffing and weak account-recovery flows.

When you sign up for a service, you need to prove who you are, and then, every time you use that service afterward, you need to prove it again — confirming that you are the same person who originally signed up.

There is a clear link between the two, but they are very different concerns, and conflating them in an implementation is a common source of security defects.

Sign in to read this course

A free account unlocks all 514 courses. 20 are readable without one.

What's inside

3 sections
  1. 1 Table of Contents
  2. 2 Module 1: Implementing Secure Authentication
  3. 3 Summary

Interested in this course?

Contact us to book it or get a custom training plan for your team.