Module 11: Authentication & Authorization Authentication Strong password policies. MFA as default. Passwordless methods. Authorization Role-based access control (RBAC). Attribute-based access control (ABAC). Common Issues Broken authentication (OWASP Top 10). Hardcoded credentials.