[MUSIC] Hello, and welcome to this third module. Authentication is a major component of a secure web application. It ensures that only those users who are properly identified and allowed to use the application are able to access application resources. Session management is the other side of the same coin, since that authenticated state of user requests needs to be properly handled and run as one session.

When HTTP was first developed, it wasn't built with the ability to keep application session state. In subsequent versions of HTTP, a mechanism was introduced in order to keep application state. Understanding this mechanism is critical to understanding how authentication and session management work in web applications.

By the end of this module, you'll be able to evaluate a system to determine if it follows the generally prescribed secure methods for authentication and session management in web applications. You'll be able to distinguish the relationship between authentication, session management, and access control. You will also be able to exploit WebGoat's authentication and session management vulnerability, as well as evaluate a system to determine if it performs sufficient security logging such that non-repudiation is enforced. This will help drive the concepts that you will learn in this module. So let's get started.