Hands-On Authorization: In Practice
RCCE students will learn authorization security, including access control models (RBAC, ABAC, ReBAC), privilege escalation testing, IDOR vulnerabilities, and authorization bypass techniques. They will learn to evaluate authorization implementations for horizontal and vertical privilege escalation, test for Insecure Direct Object References, assess role-based and attribute-based access control configurations, identify broken function-level authorization, implement secure authorization patterns, design authorization architectures that enforce least privilege, and build authorization testing into security assessment and development workflows.

This practice-intensive course emphasizes applied skills through lab exercises, real-world scenarios, and production-realistic workflows. Building on core knowledge, students learn by doing, building muscle memory and practical confidence through repeated hands-on engagement. Students complete exercises that mirror actual workplace tasks, ensuring skills transfer directly to their professional roles.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Hands-On Authorization: In Practice
- Execute hands-on tasks for hands-on authorization:
- Execute hands-on tasks for in practice
- Execute hands-on tasks for learning objectives
- Execute hands-on tasks for core skills
- Execute hands-on tasks for applied outcomes — covering Practice-Intensive Focus.
- Execute hands-on tasks for authorization fundamentals
- Execute hands-on tasks for what is authorization? — covering Process of granting or denying access to resources.
- Execute hands-on tasks for authentication vs authorization boundary — covering Authentication (AuthN).
- Execute hands-on tasks for answers: who are you? — covering Evaluates access permissions.
- Execute hands-on tasks for authorization decision components
- Implement least-privilege enforcement across endpoints and roles
- Execute hands-on tasks for scope api permissions — covering Just-in-time access grants.
| Module 01 | Hands-On Authorization: |
| Module 02 | In Practice |
| Module 03 | Learning Objectives |
| Module 04 | Core Skills |
| Module 05 | Applied Outcomes |
| Module 06 | Authorization Fundamentals |
| Module 07 | What Is Authorization? |
| Module 08 | Authentication vs Authorization Boundary |
| Module 09 | Answers: WHO are you? |
| Module 10 | Authorization Decision Components |
| Module 11 | Principle of Least Privilege |
| Module 12 | Scope API permissions |
| Module 13 | Role-Based Access Control (RBAC) |
| Module 14 | Alice (Admin) |
All hands-on labs run on Rocheston Rose X OS. Students practice the material of Hands-On Authorization: In Practice by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for hands-on authorization:
- Lab 2: Execute hands-on tasks for in practice
- Lab 3: Execute hands-on tasks for learning objectives
- Lab 4: Execute hands-on tasks for core skills
- Lab 5: Execute hands-on tasks for applied outcomes
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Hands-On Authorization: In Practice, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI