DashboardModulesSecurity Controls
MODULE 05

Security Controls

Implement authentication, encryption, error handling, and database security controls.

4 hours
5 Topics
Exam Weight: 15%

Learning Objectives

  • Limit access using login and user roles
  • Protect data in transit and at rest
  • Implement error handling and logging
  • Protect sensitive data and functions
  • Protect database access

Topics

TOPIC 5A

Limit Access Using Login and User Roles

Implementing secure authentication, session management, and role-based access control.

45 minutes
  • Web session management
  • Secure session ID handling
  • Authentication mechanisms (password, MFA, biometric)
  • Authorization and access control models
  • Role-based access control (RBAC)
  • Password recovery best practices
  • Account lockout policies

OWASP Authentication Cheat Sheet

Authentication best practices

cheatsheet

OWASP Session Management

Session management guidelines

cheatsheet

NIST Digital Identity Guidelines

NIST identity and authentication guidelines

standard
  • Use established authentication frameworks
  • Implement proper session timeout and invalidation
  • Store passwords using strong hashing algorithms
  • Implement account lockout after failed attempts

Previous Module

Secure Coding

View All Modules

Next Module

Security Testing