Finding Your First Bug: Business Logic Errors

Correction: at 30:55 I launched intruder to just get errors back, however, this was because my JSON payloads were not legal JSON. I had missed a comma in Intruder. Thank you to FrenchPirate83 for finding that error.

Hi everyone, welcome to the first video in my new series "Finding Your First Bug". In this series I'm going to go over some good first bugs: explain what they are, how to find them, show some examples of real bugs in the wild that paid out, and finally do a practical example with Burp on a real target.

In this video, we'll be discussing Business Logic Errors, a type of bug that targets the logic of a website or app rather than the technical implementation.

0:00 - Theory: what is a business logic error/how to find them
7:09 - Case studies: 8 examples of business logic bugs by complexity
21:28 - Practical Burp: Looking at Flurry, an app in scope on the Verizon Media public program

-- Case Studies --
Response program can create bounty table - $500: https://hackerone.com/reports/460920
OLO Total price manipulation using negative quantities - $3,500: https://hackerone.com/reports/364843
Able to manipulate order amount by removing cancellation amount and cause financial impact - $750: https://hackerone.com/reports/614523
Gaining unlimited bonus points on websites with WooCommerce Points and Rewards - $150: https://hackerone.com/reports/592803
Lack of proper paymentProfileUUID validation allows any number of free rides without any outstanding balance - $1,500: https://hackerone.com/reports/574638
Lack of payment type validation in dial.uber.com allows for free rides - $5,000: https://hackerone.com/reports/162199
Harvesting all private invites using leave program fast-tracked invitation and security@ email forwarding feature - $2,500: https://hackerone.com/reports/334205 and / harvesting-all-private-invites-using-leave...
Claiming package names in GitLab's automatic package referencer - $1,000: https://hackerone.com/reports/462503

-- You Should Also Watch --
HOW TO GET STARTED IN BUG BOUNTY (9x PRO TIPS) - STÖK - • HOW TO GET STARTED IN BUG BOUNTY (9x ...

-- Social Media --
Twitter: / insiderphd