Broken Access Control | Complete Guide 


In this video, we cover the theory behind Access Control vulnerabilities, how to find these types of vulnerabilities from both a white box and black box perspective, how to exploit them and how to prevent them.
▬ ✨ Support Me ✨ ▬▬▬▬▬▬▬▬▬▬
Buy my course: bit.ly/30LWAtE
▬ 📖 Contents of this video 📖 ▬▬▬▬▬▬▬▬▬▬
00:00 - Introduction
00:28 - Web Security Academy Course (bit.ly/30LWAtE)
01:39 - Agenda
02:25 - What is Broken Access Control?
22:50 - How to Find Access Control Vulnerabilities?
30:29 - How to Exploit Access Control Vulnerabilities?
34:40 - How to Prevent Access Control Vulnerabilities?
39:00 - Resources
39:15 - Thank You
▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬
Video slides: github.com/rkhal101/Web-Security-Academy-Series/blob/main/broken-access-control/theory/Broken%20Access%20Control%20Complete%20Guide%20Theory%20Video%20Slides.pdf
Web Security Academy OS Command Injection: portswigger.net/web-security/access-control
Cross-Origin Resource Sharing Playlist: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-t5FBwq-kudw.html&ab_channel=RanaKhalil
Rana's Twitter account: rana__khalil
Hacker Icons made by Freepik: www.freepik.com

Category: Science

Published: 21 Jan 2023
Comments: 54
@RanaKhalil101 1 year ago
📚📚 Don't want to wait for the weekly release schedule to gain access to all the videos and want to be added to a discord server where you can ask questions? Make sure to sign up to my course: bit.ly/30LWAtE
@Stephanus21 1 year ago
I have known about you for a while now and just started with your videos, but I have to say you are one amazing teacher. Your soft voice and deep knowledge of the subject make it a lot easier for me. Thank you so much. I will definitely buy your courses.
@user-gn7hh3zw6n 7 months ago
This is gold! I've understood many concepts and solved 40+ labs on the academy website, thanks to your content. I think I won't miss any single video on this channel! Wish you all the best ❤❤❤
@gangsternerd8419 1 year ago
Nobody teaches as well as you, you make this thing easy to learn, thanks Rana❤
@1990shahid 1 year ago
Thank you for the work you've put into making this 🙏🏾
@hdammotowa9695 1 year ago
This is my first video, I understood everything and I can't wait for the practical explanation. Thank you
@MFoster392 1 year ago
I love your videos, they're so helpful :)
@snowden-IT 1 year ago
I like your enthusiasm and perseverance. Thank you for this explanation
@maakthon5551 1 year ago
Simple and forward, thanks!
@Axel-rs3cg 11 months ago
really well explained ✌🏽
@sintayehutsegayeworku1855 1 year ago
I am totally new to the IT field; I am an accountant in the banking industry. But now I am learning computer science to be a hacker. I first saw you in the "David Bombal" RU-vid channel interview and now I am your follower. Thank you for doing this. (I really want to buy your course but I can't, I am in Ethiopia.)
@Davidgonzalez-tp4ew 1 year ago
The explanation is very clear, excellent video 🌄🌠😉🇨🇴🇨🇴
@xbaleks4609 1 year ago
Thank you very much! Thank you so much!
@MrBlackhats 1 year ago
Yes, please make a bonus video about this topic!! Thanks
@shayansec 1 year ago
Great vid...Just revised this vuln.
@sintayehutsegayeworku1855 1 year ago
Thank You for doing this
@ahmedmouad344 1 year ago
Finally you're back again, and on time, because I finish my finals soon 🥰
@css2165 1 year ago
Great video. Will you upload CTF examples?
@riteshasthana7824 5 months ago
Thank you, ma'am, for such informative videos
@gajendraupadhyay6740 1 year ago
It's really good...👍👍 Keep it up..
@lifeofsq5653 9 months ago
Hi Rana, I want to see how you are using Autorize in Burp Suite to check for access control bypass
@paulojr1384 1 year ago
Thank you Hana
@Love-yv1fc 1 year ago
Thank you❤
@brudora3096 1 year ago
Thanks for those videos ❤❤
@balasubramaniamgopal8437 10 months ago
Brilliant !!
@Donut-qt9mr 1 year ago
Thank you for the valuable content
@mohamedmahrous9500 1 year ago
thank you ❤❤
@FaultyGlitch 1 year ago
Thank you
@kanimani8226 1 year ago
Rana, I love your content, hope you all the best. What about the OSWE, and your progress? Have you size it?
@amin_alaa 1 year ago
thanks
@suyunovjasurbek 3 months ago
I like your videos. Thanks, Mrs.
@mohmino4532 7 months ago
In fact, I find it difficult to understand everything because my English skills are not perfect, but I do my best, and you are still the number one to me though... so thanks so much, my teacher. Greetings to you from Algeria.
@user-rs3nv6yu7s 1 year ago
Great job, Thank you from 🇵🇰
@rahulgogra7089 1 year ago
please make a video on the extension.🙏
@tnt7298 1 year ago
Could you upload whole videos which come under "Access Control vulnerabilities"?
@chowdhurytowhidahmed7780 1 year ago
Love from my heart
@css2165 1 year ago
perfection
@nibrasmuhammed5105 1 year ago
@rana khalil. 19:58 on this video, it is not vulnerable at all. I will tell the implementations. 1) Every request comes through a middleware which checks the JWT. If the JWT is altered, they will never get this function. Since we are getting the id from the JWT, we can ensure that the request comes from the owner of the account. If someone altered the id field of the JWT, the middleware returns the request. Hope you get it.
@kit4unez 1 year ago
No. How does authentication middleware prevent an attacker from exploiting this piece of code? Even if I am authenticated as user1 and the order with id 2 (for example) was created by user2, I can still make a DELETE request to /orders/2/ and delete that order, because there was no access control in that piece of code
@nibrasmuhammed5105 1 year ago
@kit4unez talking about IDOR?
@TheBlackmanIsGod 10 months ago
So access control is like permissions????
@Shintowel 1 year ago
Love you sister, please, how to use Autorize
@saadeddine6418 1 year ago
Thank you sister, you're the best
@CRYSTAL-fd4fw 5 months ago
Mashallah sister
@sakura-gd8nh 1 month ago
Where can I use the lab? Is it free?????
@rolamahmoud9678 1 year ago
May God give you strength, Miss Rana. I wish you would make videos in Arabic, and thank you
@omarkalom1962 1 year ago
Thanks from 🇮🇱✌️
@Matinirx 1 year ago
🤘🏻👌
@noorrehman6344 1 year ago
Please make a web hacking course for Udemy
@gaelslv2068 5 days ago
She's Arab, it's clear from the voice
@Omar0x_7 6 months ago
If only this explanation were in Arabic
@ctc8998 4 months ago
bring back cortex
@TheCyberWarriorGuy 1 year ago
:)
@sayantandatta2996 10 months ago
Kindly update the mic or speak louder please