[Part I] Bug Bounty Hunting for IDORs and Access Control Violations

Video description

Authenticated Testing on Starbucks' public bug bounty program on HackerOne, searching for IDORs and Access Control violations.

00:00 - IDOR vs Access Control Violation
07:29 - Choosing a Program
09:55 - Taking Notes is Mandatory
12:06 - Registering Accounts
18:59 - Locating Attack Vectors in Cookies
25:31 - Identifying Important Cookies
26:45 - How to Use Pointers
28:30 - Testing for IDORs in JWTs
39:14 - Identifying Mechanisms
46:40 - Avoiding False Positives
57:11 - Identifying Objects
1:00:14 - Testing for IDORs in APIs
1:10:30 - Grouping Mechanisms By Client ID Process
1:23:01 - Best-Case Scenario for IDORs

Hire Me! - https://ars0nsecurity.com
Watch Live! - / rs0n_live
Free Tools! - https://github.com/R-s0n
Connect! - / harrison-richardson-cissp-oswe-msc-7a55bb158
