Hunting Information Disclosures by URL Analysis скачать в хорошем качестве

Hunting Information Disclosures by URL Analysis

Uncover sensitive leaks hiding in plain sight. This session shows a practical, methodology-driven approach to finding information disclosures by analyzing URLs, query parameters, and exposed endpoints — without noisy scanning or destructive testing. Learn how attackers and researchers discover secrets (API keys, tokens, debug files, misconfigured backups) and how defenders can detect and remediate them. What this talk covers How to identify risky URL patterns, query parameters, and common disclosure sources Passive and active discovery techniques that respect scope and safety Practical URL analysis workflows: path fuzzing, parameter inspection, forced browsing, and indexed content checks Tools & techniques: browser extensions, wordlists, automated scripts, and search-engine (OSINT) methods Examples of information disclosures (config files, debug output, exposed S3/GCS paths, backup files) and safe PoC techniques Prioritization and triage: distinguishing true positives from noise and scoring impact Remediation advice: secure defaults, parameter filtering, proper ACLs, and automated detection Who should watch Application security engineers and pentesters Bug bounty hunters and threat researchers Developers and devops who want to harden web apps and APIs Security teams building detection and monitoring playbooks Tools mentioned Burp Suite, OWASP ZAP, ffuf/dirbuster, curl, browsers + devtools, custom scripts, and OSINT search techniques. Hosted by: SecurityBoat Community — Pune Speaker: Aditya Shende 🔔 Like, subscribe, and join our meetups for follow-up labs and hands-on exercises. 💬 Drop your questions or interesting URL patterns you’ve seen in the comments — we’ll discuss them in the next meetup! #InfoDisclosure #URLAnalysis #WebAppSecurity #BugBounty #SecurityBoatCommunity