Least Privilege Course

This course introduces the principle of least privilege and its importance in secure coding.

1 hour, 3 minutes

Course description

Least privilege is not so much a vulnerability as a vulnerability multiplier. Any error that allows an attacker to gain control of a program only grows worse when that application is running with high-level permissions. This course suggests how to implement applications in a way that minimizes the permissions needed.


Least Privilege Demo

Video - 00:05:00

This video demonstrates exploitation of a failure to obey least privilege.
Least Privilege Mitigations

Video - 00:03:00

This video describes how to implement least privilege.
Least Privilege Case Study

Video - 00:05:00

This video describes a case study of an application that failed to obey least privilege.
Least Privilege Exploitation

Video - 00:04:00

This video describes how failure to obey least privilege can be exploited by an attacker.
Least Privilege Vulnerabilities

Video - 00:06:00

This video describes how failure to obey least privilege can amplify the impact of an attack.
Introduction to Privileges

Video - 00:08:00

This video covers the fundamentals of privileges in operating systems.
Introduction to Least Privilege

Video - 00:02:00

This video provides an introduction to the least privilege course.
Secure Coding - PHP

Lab - 00:30:00

This lab covers multiple secure coding errors commonly found in PHP, including includes, evals, and both local and remote file inclusion attacks.

Meet the author

Howard Poston

Howard Poston is a copywriter, author, and course developer with experience in cybersecurity and blockchain security, cryptography, and malware analysis. He has an MS in Cyber Operations, a decade of experience in cybersecurity, and over five years of experience as a freelance consultant providing training and content creation for cyber and blockchain security. He is also the creator of over a dozen cybersecurity courses, has authored two books, and has spoken at numerous cybersecurity conferences. He can be reached by email at howard@howardposton.com or via his website at https://www.howardposton.com.

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

Associated NICE Work Roles

All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.

  • Cyber Operator
  • Law Enforcement / Counterintelligence Forensics Analyst
  • Cyber Defense Forensics Analyst

Plans & pricing

Infosec Skills Personal

$299 / year

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Learn about scholarships and financing with

Affirm logo

Award-winning training you can trust