
[Part II] Bug Bounty Hunting for IDORs and Access Control Violations (1 year ago)






Now that we understand how to test the boundaries of an application for IDORs, we will do the same for hunting Access Control Violations. For today's video, we dig into the Pantheon program on Bugcrowd.

00:00 - Intro
00:18 - Review IDORs vs. Access Control Violations
02:18 - Access Control Violation Examples
07:22 - Why Hunt for Access Control Violations?
12:00 - Shut Up and Hunt, Already!
12:13 - Exploring Pantheon's Program on Bugcrowd
15:00 - Getting to Know Pantheon's Auth
16:22 - Understanding Pantheon's Scope
17:12 - How to Sign Up for an Account
17:24 - Using Bugcrowd's Email Forwarding
18:25 - Creating our First Account
20:50 - Notes are Mandatory
21:39 - Setting Up Burpsuite
23:33 - Getting to Know the Application
24:16 - Weird AI Art Animation
24:50 - Defining the Environments
29:50 - Creating a Team Workspace
31:28 - Understanding the Granular Roles
41:09 - Creating Accounts for Each Role
46:16 - Finding Differences Between Roles
47:21 - Matching Differences to Mechanisms
48:55 - Finding a Mechanism to Target
51:20 - Expectations for Access Control Testing
54:00 - Understanding Our Target Mechanism
57:30 - What is GraphQL?
1:01:55 - Understanding the HTTP Request to GraphQL
1:04:40 - Understanding the Session Cookie
1:12:35 - Testing the Session Cookie
1:23:49 - What We Know So Far...
1:24:55 - Looking For Targets Outside of GraphQL
1:26:38 - Running an Authenticated Crawl in Burpsuite
1:28:24 - Getting to Know the Application (Part 2)
1:30:51 - Access Control Testing on "Create Site" Mechanism
1:33:35 - Burpsuite Discover Content
1:35:00 - Identifying GraphQL Operations
1:37:36 - Fuzzing For GraphQL Operations w/ Intruder
1:38:38 - Getting Ready For Testing
1:47:50 - Blindly Testing GraphQL Operations
1:57:19 - Understanding the Function of the GraphQL Operations
2:03:15 - Testing GraphQL Operations Based on Unauthorized Mechanisms
2:10:05 - Testing GraphQL Operation With Granular Role Permissions
2:12:52 - Summarizing Everything We Learned
2:14:30 - Thoughtful Testing and Final Thoughts
2:17:08 - Wrap Up

Discord - / discord
Hire Me! - https://ars0nsecurity.com
Watch Live! - / rs0n_live
Free Tools! - https://github.com/R-s0n
Connect! - / harrison-richardson-cissp-oswe-msc-7a55bb158
