Secure Authentication Implementation: DevSecOps Champion
secure · authentication · devsecops · champion · cybersecurity · fundamentals · networking · systems · security.
Almost any website, API, and even desktop software requires authentication. If authentication isn't implemented securely, it can grant attackers full access to other people's accounts. This module examines authentication as a core discipline for a developer security champion: what authentication actually means, the flows that make it up, the factors used to prove identity, how modern protocols like OpenID Connect and OAuth2 fit together, and how attackers exploit weak authentication implementations through techniques such as credential stuffing and weak account-recovery flows.
When you sign up for a service, you need to prove who you are, and then, every time you use that service afterward, you need to prove it again — confirming that you are the same person who originally signed up.
There is a clear link between the two, but they are very different concerns, and conflating them in an implementation is a common source of security defects.
Sign in to read this course
A free account unlocks all 514 courses. 20 are readable without one.
What's inside
3 sections- 1 Table of Contents
- 2 Module 1: Implementing Secure Authentication
- 3 Summary
More Cybersecurity Fundamentals courses
View all 9Data Security Champion: Data Encryption
Cryptography is a mature discipline built on ancient principles — substitution and transposition — now executed at massive scale and speed by modern computers. It underpins five essential...
Data Security Champion: Data Privacy Regulations
The significance of data privacy cannot be overstated. Every day, vast amounts of personal information are collected, processed, and stored by organizations, which makes that information...
Identity and Access Management: The Big Picture
Identity and access management brings together identification, authentication, authorization, and accounting (IAAA) into a coherent, centralized discipline for securing access to resource...
Network Security Basics
network · security · cybersecurity · fundamentals · networking · systems · attacks · remote · access · authentication · wireless · desktop · examining · exploits · layer · securing · asse...
Security Engineering: Access Control and Data Protection
This course examined the two intertwined engineering disciplines of access control and data protection.
Security Engineering: Asset Evaluation and Execution Plan
This course walked through the full lifecycle of a security engineer's role in securing a newly acquired IT estate — from understanding the job itself, through inventorying and evaluating...
Interested in this course?
Contact us to book it or get a custom training plan for your team.