Bug Bounty Hunting for Client-Side Injection Vulnerabilities | Part I

Video description

90% of the questions I get are about Cross-Site Scripting (XSS) and other Client-Side Injection attacks, so I decided to make a nearly 5-hour video doing my best to explain how to hunt for Client-Side Injection attacks in real-world applications.

00:00 - Why I'm Making This Video
01:50 - Quick Review of Object Oriented Programming (OOP)
04:02 - The Document Object Model (DOM)
08:11 - Three Strategies for Hunting for Client-Side Injections
09:03 - Strategy 1: Reflected Input in Unauthenticated Routes (Hidden Subdomains)
12:00 - Strategy 2: Reflected Input in Authenticated Routes (Hidden Endpoints)
12:48 - Strategy 3: DOM Injection in Custom JavaScript Files & NPM Packages
16:22 - How Compensating Controls Affect Client-Side Injections
18:14 - Cookie Flags (httpOnly, secure, domain scoping, etc.)
20:28 - Browser Security Headers
21:00 - Content Security Policy (CSP)
22:29 - Web Application Firewall (WAF)
24:00 - Client-Side Validation
24:46 - Server-Side Validation
25:12 - Output Encoding
26:30 - Shut Up and Hunt!!
26:44 - Starbucks Doesn't Care if You Steal a Cup of Coffee
29:30 - Identifying Our Target Domains
30:15 - Importing Scan Data
32:07 - Notes Are Mandatory
32:55 - Defining Categories for Live URLs
39:32 - Sorting Live URLs into Categories
1:00:22 - Setting Up Burp Suite
1:01:45 - Finding Targets in Endpoints w/ No Functionality
1:26:40 - Finding Targets in Endpoints w/ Restricted Access
1:33:33 - Checking Fuzzing Results & Expanding Attack Surface
1:49:42 - Finding Targets in API Endpoints
1:54:45 - Finding Targets in Third-Party Services
2:01:18 - Finding Targets in Internal Services
2:04:21 - Finding Targets in Full Applications
2:11:16 - Discuss Possibilities for Attack Vectors in Each Category
2:14:20 - Building a Custom Burp Scan to Find Reflected Input
2:20:08 - Finding Attack Vectors in Targets
2:31:14 - Identifying Compensating Controls in First Attack Vector
3:14:36 - Testing Web Application Firewall (WAF) Bypass
3:38:20 - Testing Validation and Output Encoding Bypass
3:48:45 - Scoring Our First Attack Vector
3:53:15 - Identifying Compensating Controls in Second Attack Vector
4:09:30 - Scoring Our Second Attack Vector
4:12:20 - Talking Through Different Use-Cases
4:37:00 - Summary of Methodology & What We Learned
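The chapters above on building a custom Burp scan to find reflected input and on testing validation and output-encoding bypass share one mechanic: send a unique canary plus a few metacharacters, find every place it comes back, work out which HTML context it landed in, and check whether the metacharacters survived. The Node.js block below is an added illustration of that mechanic and is not code from the video or from the author's tools. The search-page builders, the canary value `zq7x`, the probe `zq7x<"'` and the context labels are all assumptions of this example; it runs the same check against an unencoded page and against the same page with context-aware output encoding.

```javascript
// Added example, not from the video: find where a canary is reflected in a
// response body, classify the HTML context, and check whether the probe's
// metacharacters came back unencoded. Page builders and names are invented.

// Alphanumeric canary: survives HTML, attribute and JS-string encoding unchanged,
// so a plain indexOf finds every reflection. The probe appends the three
// characters that matter for breaking out of text, attribute and JS contexts.
const CANARY = "zq7x";
const PROBE = CANARY + "<\"'";

// Classify the context at position idx by scanning the preceding markup:
// an unclosed <script> means JS context, an unclosed tag means attribute
// context (quote parity tells us the delimiter), otherwise ordinary text.
function classifyContext(html, idx) {
  const before = html.slice(0, idx);
  if (before.lastIndexOf("<script") > before.lastIndexOf("</script")) return "script";
  const lastOpen = before.lastIndexOf("<");
  if (lastOpen > before.lastIndexOf(">")) {
    const tag = before.slice(lastOpen);
    if ((tag.match(/"/g) || []).length % 2 === 1) return "attribute-dq";
    if ((tag.match(/'/g) || []).length % 2 === 1) return "attribute-sq";
    return "tag";
  }
  return "text";
}

// Every reflection of the canary, with its context and whether the raw
// characters <"' directly follow it (i.e. passed through without encoding).
function findReflections(html, canary = CANARY) {
  const hits = [];
  for (let idx = html.indexOf(canary); idx !== -1; idx = html.indexOf(canary, idx + canary.length)) {
    const after = idx + canary.length;
    hits.push({ index: idx, context: classifyContext(html, idx), metaIntact: html.startsWith("<\"'", after) });
  }
  return hits;
}

// Constructed target: a search page that reflects q unencoded in three contexts.
function renderUnsafe(q) {
  return `<html><body><h1>Results for ${q}</h1>` +
    `<input type="text" value="${q}">` +
    `<script>var last = '${q}';</script></body></html>`;
}

// Context-aware output encoding: one encoder per sink context.
function encodeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}
function encodeJsString(s) {
  return s.replace(/[^A-Za-z0-9]/g, (c) => {
    const code = c.charCodeAt(0);
    return code > 0xff ? "\\u" + code.toString(16).padStart(4, "0")
                       : "\\x" + code.toString(16).padStart(2, "0");
  });
}
function renderSafe(q) {
  return `<html><body><h1>Results for ${encodeHtml(q)}</h1>` +
    `<input type="text" value="${encodeHtml(q)}">` +
    `<script>var last = '${encodeJsString(q)}';</script></body></html>`;
}

// Scan verdict per page: which contexts reflect, and which still let metacharacters through.
function scan(html) {
  const hits = findReflections(html);
  return {
    reflections: hits.length,
    contexts: hits.map((h) => h.context),
    exploitableContexts: hits.filter((h) => h.metaIntact).map((h) => h.context),
  };
}

console.log("unencoded:", scan(renderUnsafe(PROBE)));
console.log("encoded:  ", scan(renderSafe(PROBE)));
```

Run it with `node` and both pages show three reflections in text, double-quoted attribute and script-string contexts; only the unencoded page lists any of them as exploitable. In a real hunt the same classification step is what decides which payload family to try next (a tag in text context, an attribute break-out, or a quote break-out inside a script string), and the `metaIntact` flag is the quick tell for whether output encoding is in place before spending time on WAF bypasses.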

Discord - /discord
Hire Me! - https://ars0nsecurity.com
Watch Live! - /rs0n_live
Free Tools! - https://github.com/R-s0n
Connect! - /harrison-richardson-cissp-oswe-msc-7a55bb158
