Secure Account Management Fundamentals from Pluralsight

Secure Account Management Fundamentals is all about exploiting then protecting security weaknesses in the features we often take for granted in websites today such as registration, logon, changing account info, and logoff.

A fundamental component of many modern day applications is the ability to create and manage user accounts. So many of the services we use every day as consumers and build as developers depend on the ability for customers to register, login, and then perform tasks under their identity. However, every day we see a barrage of attacks against poorly implemented account management facilities. These range from brute force attacks against the login to the impersonation of authenticated users, to the cracking of breached passwords. Often, weaknesses in account management facilities are simply due to the developers not having thought through the potential risks from a hacker's mindset. This course demonstrates how attackers think and exploit these weaknesses. There are numerous high-profile precedents including the celebrity iCloud photo hack, GitHub account attacks and Dropbox credential disclosure. In some of these cases, oversights in secure account management practices left systems unnecessarily vulnerable whilst in others, good practices undoubtedly mitigated the scale of the damage caused. This course regularly refers to real world examples – both good and bad – as a means of illustrating risks and the effectiveness of security controls.

What's inside

Syllabus

Introduction

Fundamental Security Concepts

Password Storage

Registration

Logon

Remember Me

Account Details Change

Password Reset

Logoff

Additional Considerations

Good to know

Know what's good

, what to watch for

, and possible dealbreakers

Taught by Troy Hunt, who is an accomplished author, speaker, and security researcher known for his work on password management and web security

Examines numerous high-profile precedents of successful attacks against poorly implemented account management facilities, such as the celebrity iCloud photo hack, GitHub account attacks and Dropbox credential disclosure

Explores fundamental security concepts and industry-standard best practices in password storage, registration, logon, password reset, and logoff

Develops skills for exploiting and protecting account management weaknesses, building cybersecurity savvy for both offense and defense

May require students to come in with some background knowledge in computer science and information security, making it better suited for intermediate learners

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Secure Account Management Fundamentals with these activities:

Read Section 2.5 of 'Web Application Hackers Handbook'

Show steps

Gain insights into password storage vulnerabilities and best practices from 'Web Application Hackers Handbook' to supplement your course knowledge.

View The Web Application Hacker's Handbook: Finding... on Amazon

Show steps

Obtain a copy of 'Web Application Hackers Handbook'
Focus on Section 2.5: 'Password Storage'
Take notes on the techniques and attack vectors discussed

Review OWASP Password Storage Cheat Sheet

Show steps

Review a detailed guide to secure password storage techniques and best practices from OWASP to solidify your understanding of the topic.

Browse courses on Password Storage

Show steps

Visit the OWASP Password Storage Cheat Sheet website
Thoroughly read through the cheat sheet and make notes on key takeaways
Consider how the techniques and recommendations apply to real-world scenarios

Practice Password Hashing with Bcrypt

Show steps

Implement password hashing with Bcrypt to reinforce your understanding of secure password storage techniques.

Browse courses on Password Hashing

Show steps

Set up a development environment with Python and Bcrypt
Write code to generate random passwords and hash them with Bcrypt
Test the implementation with different inputs and verify the results
Analyze the hashed passwords and compare them to the original ones

Five other activities

Expand to see all activities and additional details

Show all eight activities

Attend a Local Cybersecurity Meetup

Show steps

Connect with professionals and learn about industry best practices for account management by attending a local cybersecurity meetup.

Browse courses on Cybersecurity

Show steps

Find a local cybersecurity meetup group
Attend a meetup and engage in discussions with experts
Share your experiences and insights on account management

Create a Diagram of Secure Registration Process

Show steps

Visualize the secure registration process to reinforce your understanding of key steps and security measures involved.

Browse courses on Account Creation

Show steps

Identify the key steps in a registration process
Research best practices for secure registration
Use a diagramming tool or whiteboard to create a visual representation
Include security measures such as form validation, CAPTCHA, and email verification

Follow Azure AD B2C Custom Policy Tutorial

Show steps

Enhance your understanding of secure account management by following a guided tutorial on implementing a custom policy in Azure AD B2C.

Browse courses on Azure AD B2C

Show steps

Set up an Azure AD B2C tenant and configure a custom policy
Implement user registration, login, and password reset flows
Integrate with your application and test the authentication process

SQL Injection Practice on Account Management Forms

Show steps

Test your skills in preventing SQL injection vulnerabilities in account management forms to strengthen your ability to secure user data.

Browse courses on SQL Injection

Show steps

Set up a test environment with a web application and database
Craft SQL injection payloads and attempt to exploit the login or registration forms
Implement countermeasures such as parameterized queries and input validation
Verify the effectiveness of your対策

Contribute to a Security-Focused Open Source Project

Show steps

Gain practical experience and contribute to the security community by participating in an open-source project focused on account management.

Browse courses on Open Source

Show steps

Identify a suitable open-source project
Review the project's codebase and documentation
Identify areas where you can contribute
Submit a pull request or issue to the project

Career center

Learners who complete Secure Account Management Fundamentals will develop knowledge and skills that may be useful to these careers:

Security Engineer

Security Engineers develop and implement security controls to protect an organization's systems and data. Ensuring secure account management is a critical part of this role, and this course provides a solid foundation in the principles and practices of secure account management. This knowledge would be invaluable for any Security Engineer aspiring to excel in their field.

See salaries and explore the career path for Security Engineer

Information Security Analyst

Information Security Analysts plan and implement security measures to protect an organization's information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Course topics such as password storage, account details change, and logoff are all relevant to this role, thereby strengthening one's footing in the field.

See salaries and explore the career path for Information Security Analyst

Security Architect

Security Architects design, implement, and manage an organization's security infrastructure. A thorough understanding of account management security is essential for this role, as it helps ensure the confidentiality, integrity, and availability of an organization's data.

See salaries and explore the career path for Security Architect

Penetration Tester

Penetration Testers identify and exploit vulnerabilities in an organization's security systems. This course's focus on exploiting security weaknesses in account management features is directly relevant to this role, as it helps Penetration Testers develop the skills they need to assess and improve an organization's security posture.

See salaries and explore the career path for Penetration Tester

Security Consultant

Security Consultants provide advice and guidance to organizations on how to improve their security posture. A deep understanding of secure account management is essential for this role, as it allows Security Consultants to effectively assess an organization's security risks and make recommendations for improvement.

See salaries and explore the career path for Security Consultant

Software Developer

Software Developers design, develop, and maintain software applications. This course may be useful for Software Developers who are working on applications that require secure account management features, as it provides a solid foundation in the principles and practices of secure account management.

See salaries and explore the career path for Software Developer

Web Developer

Web Developers design, develop, and maintain websites. This course may be useful for Web Developers who are working on websites that require secure account management features, as it provides a solid foundation in the principles and practices of secure account management.

See salaries and explore the career path for Web Developer

Risk Analyst

Risk Analysts identify, assess, and mitigate risks to an organization's assets. A thorough understanding of account management security is essential for this role, as it helps Risk Analysts assess the risks associated with an organization's account management practices and develop strategies to mitigate those risks.

See salaries and explore the career path for Risk Analyst

Compliance Auditor

Compliance Auditors ensure that an organization's operations are in compliance with applicable laws and regulations. A deep understanding of secure account management is essential for this role, as it allows Compliance Auditors to effectively assess an organization's compliance with relevant laws and regulations.

See salaries and explore the career path for Compliance Auditor

Database Administrator

Database Administrators design, implement, and maintain databases. A basic understanding of secure account management is important for this role, as it helps Database Administrators ensure the security and integrity of an organization's data.

See salaries and explore the career path for Database Administrator

Network Administrator

Network Administrators design, implement, and maintain computer networks. A basic understanding of secure account management is important for this role, as it helps Network Administrators ensure the security and integrity of an organization's IT systems and data.

See salaries and explore the career path for Network Administrator

IT Manager

IT Managers plan, implement, and manage an organization's IT infrastructure. A basic understanding of secure account management is important for this role, as it helps IT Managers ensure the security and integrity of an organization's IT systems and data.

See salaries and explore the career path for IT Manager

Systems Administrator

Systems Administrators maintain and troubleshoot computer systems and networks. A basic understanding of secure account management is important for this role, as it helps Systems Administrators ensure the security and integrity of an organization's IT systems and data.

See salaries and explore the career path for Systems Administrator

Incident Responder

Incident Responders investigate and respond to security incidents. A basic understanding of secure account management is important for this role, as it helps Incident Responders identify and respond to security incidents that target account management systems.

See salaries and explore the career path for Incident Responder

Security Operations Center Analyst

Security Operations Center Analysts monitor and respond to security events. A basic understanding of secure account management is important for this role, as it helps Security Operations Center Analysts identify and respond to security threats that target account management systems.

See salaries and explore the career path for Security Operations Center Analyst