1
00:00:00,210 --> 00:00:07,140
Authentication and authorization testing. So authentication and authorization are another great function

2
00:00:07,140 --> 00:00:09,520
that modern Web applications provide.

3
00:00:10,320 --> 00:00:16,060
Authentication is the process of proving the identity of the user or any entity.

4
00:00:16,770 --> 00:00:21,900
So that means that users prove that they are who they say they are, and then the application allows

5
00:00:21,900 --> 00:00:24,120
them to view and interact with the content.

6
00:00:24,120 --> 00:00:24,400
Right.

7
00:00:25,110 --> 00:00:31,080
Nowadays, especially, authentication mechanisms are not just used for accessing content.

8
00:00:31,830 --> 00:00:36,170
They're also used to personalize the content of just about any application.

9
00:00:36,750 --> 00:00:45,570
So your account on a Web application is starting to be a strong vector that corresponds to your real

10
00:00:45,570 --> 00:00:48,660
world existence, your identity.

11
00:00:49,380 --> 00:00:50,070
So guess what?

12
00:00:50,070 --> 00:00:54,750
This makes authentication, of course, way more important today.

13
00:00:55,920 --> 00:01:01,740
But for you and me, there is a wide range of technologies available to implement authentication mechanisms.

14
00:01:03,450 --> 00:01:10,710
So far, HTML form-based authentication is the most used one, and in general, Web applications authenticate

15
00:01:10,740 --> 00:01:13,400
users with a username and password.

16
00:01:14,070 --> 00:01:17,440
But this can vary due to the application's security needs.

17
00:01:18,330 --> 00:01:24,180
So then, after authentication, the application grants permission to users in order to perform several

18
00:01:24,180 --> 00:01:29,940
actions, such as viewing files, executing something, or whatever it may be.

19
00:01:30,660 --> 00:01:35,370
So that's why in this section we are also going to cover authorization problems.

20
00:01:35,960 --> 00:01:43,890
OK, authorization is the process of determining what resources a user, service, or application has permission

21
00:01:43,890 --> 00:01:49,080
to access, so it can be defined as an access policy for resources.

22
00:01:49,470 --> 00:01:55,170
Authentication and authorization are closely related concepts, but they are not the same.

23
00:01:55,640 --> 00:02:03,840
The first term proves the identity of a user, website, or any entity in any context, but authorization

24
00:02:03,840 --> 00:02:08,520
verifies the privileges granted to the authenticated identity.

25
00:02:08,940 --> 00:02:15,330
So, for example, once you log into your bank account, you're only authorized to transfer money from

26
00:02:15,330 --> 00:02:16,590
your accounts, for instance.

27
00:02:16,590 --> 00:02:18,720
Right? If you can do it with another account,

28
00:02:18,750 --> 00:02:22,520
this means that there's a serious authorization problem.

29
00:02:22,920 --> 00:02:29,910
So in this section we're going to talk about password policy problems, password-related issues, and brute

30
00:02:29,910 --> 00:02:31,080
forcing passwords.

31
00:02:31,620 --> 00:02:34,110
Also some problematic usage of CAPTCHAs.

32
00:02:34,590 --> 00:02:37,050
And then we're going to cover some authorization problems.

