[Part II] Bug Bounty Hunting for IDORs and Access Control Violations

Video description: [Part II] Bug Bounty Hunting for IDORs and Access Control Violations

Now that we understand how to test the boundaries of an application for IDORs, we will do the same for hunting Access Control Violations. For today's video, we dig into the Pantheon program on Bugcrowd.

00:00 - Intro
00:18 - Review IDORs vs. Access Control Violations
02:18 - Access Control Violation Examples
07:22 - Why Hunt for Access Control Violations?
12:00 - Shut Up and Hunt, Already!
12:13 - Exploring Pantheon's Program on Bugcrowd
15:00 - Getting to Know Pantheon's Auth
16:22 - Understanding Pantheon's Scope
17:12 - How to Sign Up for an Account
17:24 - Using Bugcrowd's Email Forwarding
18:25 - Creating our First Account
20:50 - Notes are Mandatory
21:39 - Setting Up Burpsuite
23:33 - Getting to Know the Application
24:16 - Weird AI Art Animation
24:50 - Defining the Environments
29:50 - Creating a Team Workspace
31:28 - Understanding the Granular Roles
41:09 - Creating Accounts for Each Role
46:16 - Finding Differences Between Roles
47:21 - Matching Differences to Mechanisms
48:55 - Finding a Mechanism to Target
51:20 - Expectations for Access Control Testing
54:00 - Understanding Our Target Mechanism
57:30 - What is GraphQL?
1:01:55 - Understanding the HTTP Request to GraphQL
1:04:40 - Understanding the Session Cookie
1:12:35 - Testing the Session Cookie
1:23:49 - What We Know So Far...
1:24:55 - Looking For Targets Outside of GraphQL
1:26:38 - Running an Authenticated Crawl in Burpsuite
1:28:24 - Getting to Know the Application (Part 2)
1:30:51 - Access Control Testing on "Create Site" Mechanism
1:33:35 - Burpsuite Discover Content
1:35:00 - Identifying GraphQL Operations
1:37:36 - Fuzzing For GraphQL Operations w/ Intruder
1:38:38 - Getting Ready For Testing
1:47:50 - Blindly Testing GraphQL Operations
1:57:19 - Understanding the Function of the GraphQL Operations
2:03:15 - Testing GraphQL Operations Based on Unauthorized Mechanisms
2:10:05 - Testing GraphQL Operation With Granular Role Permissions
2:12:52 - Summarizing Everything We Learned
2:14:30 - Thoughtful Testing and Final Thoughts
2:17:08 - Wrap Up

Discord -   / discord  
Hire Me! - https://ars0nsecurity.com
Watch Live! -   / rs0n_live  
Free Tools! - https://github.com/R-s0n
Connect! -   / harrison-richardson-cissp-oswe-msc-7a55bb158  
