Overview
This course addresses flaws in which access restrictions are not properly enforced, so that unauthorized users can read or modify sensitive data or functionality (such as paste snippets or administrative pages). The root causes covered are request parameters that are trusted without verification and role checks that are missing.
Syllabus
- Unit 1: Introduction to OWASP and Course Overview
  - Getting Started
  - Sending Requests with Curl
- Unit 2: Unverified Account Parameter in API Endpoints
  - Exploiting Unverified Account Parameters
  - Secure Your API with JWT
  - Enforce User Authorization
  - Removing the ID Parameter
  - Centralize JWT Authentication Middleware
- Unit 3: Forced Browsing of Admin Pages
  - Exploit Vulnerable Admin Endpoint
  - Secure the Admin Endpoint
  - Log Unauthorized Access Attempts
- Unit 4: Elevating User Privilege
  - Privilege Escalation in Action
  - Removing URL Parameters with JWT
  - Restrict Unauthorized Role Changes
- Unit 5: Exposing Sensitive User Data
  - Exposing Sensitive Unprotected Data
  - Hashing Passwords with Bcrypt
  - Secure User Data in API Responses
  - Secure Sensitive Payment Information