DES 228 – Mitigating OWASP 2025 Authentication Failures (UPDATED)

Course Overview

This course prepares web application developers to identify and mitigate Authentication Failures outlined in the OWASP Top 10 (2025). Learners will explore effective authentication controls, including the implementation of multi-factor authentication to defend against credential stuffing, brute force, and stolen credential attacks. The course covers hardening registration, credential recovery, and API authentication flows to prevent account enumeration, as well as safely limiting and monitoring failed login attempts.

By the end of the course, participants will understand how to implement secure session management practices, including high-entropy session identifiers and proper session lifecycle handling, to strengthen overall authentication security.