TryHackMe OWASP Top 10 2025: IAAA Failures Walkthrough

Explore A01, A07, and A09 IAAA failures in this comprehensive TryHackMe walkthrough for 2025. 🔗 Room Link: https://tryhackme.com/room/owasptopten2025one

Djalil Ayed
775 views • Nov 16, 2025

About this video

🎯 Learn about A01, A07, and A09 in how they related to failures in the applied IAAA model.

🔗 Room Link: https://tryhackme.com/room/owasptopten2025one

This room breaks down 3 of the OWASP Top 10 2025 categories. In this room, you will learn about the categories that are related to failures in how Identity, Authentication, Authorisation, and Accountability (IAAA) is implemented in the application. You will put the theory into practice by completing supporting challenges. The following categories are covered in this room:

📌 A01: Broken Access Control
📌 A07: Authentication Failures
📌 A09: Logging & Alerting Failures

The room has been designed for beginners and assumes no previous security knowledge.

🎯🎯 Room Tasks: 🎯🎯

[00:00] 🐯 Task 1: Introduction

[01:47] 🐯 Task 2: What is IAAA?
- What does IAAA stand for?

[02:56] 🐯 Task 3: A01: Broken Access Control
- If you don't get access to more roles but can view the data of another user, what type of privilege escalation is this?
- What is the note you found when viewing the user's account who had more than $1 million?

[05:50] 🐯 Task 4: A07: Authentication Failures
- What is the flag on the admin user's dashboard?

[09:13] 🐯 Task 5: A09: Logging & Alerting Failures
- It looks like an attacker tried to perform a brute-force attack. What is the IP of the attacker?
- Looks like they were able to gain access to an account! What is the username associated with that account?
- What action did the attacker try to do with the account? List the endpoint they accessed.

[13:45] 🐯 Task 6: Conclusion


⚠️ Educational Purpose Only
This content is for educational and authorized penetration testing purposes only. Always ensure you have permission before testing on any systems.

#tryhackme #owasp #owasptop10


Video Information

Views: 775
Likes: 11
Duration: 15:13
Published: Nov 16, 2025
