Web Security

Authentication Failures

Risk: Compromised user identity and session management. Includes weak passwords, session fixation, and poor credential recovery.

Module ID: WEB-AUTH-01
Lab Type: Hands-on
Level: Intermediate

Overview

Implement strong authentication with proper password hashing, MFA, and robust session management.

Learning Outcomes

  • Enforce MFA and risk-based authentication
  • Hash passwords with modern schemes
  • Prevent session fixation and hijacking
  • Understand OAuth/OIDC basics and pitfalls
  • Build secure credential recovery flows

Hands-on Labs

Harden authentication flows, add MFA, and fix session vulnerabilities.

Defenses

Session rotation, secure cookies, throttling, and anomaly detection.