Broken Access Control | Complete Guide

Views: 50,132

Rana Khalil


Comments: 57
@RanaKhalil101 1 year ago
📚📚 Don't want to wait for the weekly release schedule to gain access to all the videos and want to be added to a discord server where you can ask questions? Make sure to sign up to my course: bit.ly/30LWAtE
@Stephanus21 1 year ago
I know about you for a while now, just started with your videos, but I have to say you are one amazing teacher. Your soft voice and deep knowledge of the subject makes it a lot easier for me. Thank you so much. I will definitely buy your courses.
@LeenPh 10 months ago
This is gold! I've understood many concepts and solved 40+ labs on the academy website, thanks to your content. I think I won't miss any single video on this channel! Wish you all the best ❤❤❤
@gangsternerd8419 1 year ago
Nobody teaches as well as you, you make this thing easy to learn, thanks Rana❤
@sintayehutsegayeworku1855 1 year ago
I am totally new to the IT field; I am an accountant in the banking industry. But now I am learning computer science to be a hacker. I first saw you in the "David Bombal" KZbin channel interview and now I am your follower. Thank You for Doing This (I really want to buy your course but I can't, I am in Ethiopia.)
@1990shahid 1 year ago
Thank you for the work you've put into making this 🙏🏾
@hdammotowa9695 1 year ago
This is my first video, I understood everything and I can't wait for the practical explanation. Thank you
@snowden-IT 1 year ago
I like your enthusiasm and perseverance. Thank you for this explanation.
@MFoster392 1 year ago
I love your videos they're so helpful :)
@ahmedmouad344 1 year ago
Finally Ur back again and on time cause i finish my finals soon 🥰
@mohmino4532 10 months ago
in fact is that I find it difficult to understand everything cuz my English skills are not perfect, but I do my best, and u still the number one to me tho .. so thx so much ma teacher. Greetings to you from Algeria.
@maakthon5551 1 year ago
Simple and forward, Thanks!
@MrBlackhats 1 year ago
yes make plz a bonus video about this topic!! thanks
@Ahmed-s3d5u 1 month ago
thank you for course ❤❤❤
@xbaleks4609 1 year ago
Chokrane Bzaff ! Thank You so much !
@riteshasthana7824 8 months ago
Thank you mam for such informative videos
@lifeofsq5653 1 year ago
Hi Rana, Want to see how you are using Autorize in burpsuite to check for access control bypass
@Davidgonzalez-tp4ew 1 year ago
The explanation is very clear, excellent video 🌄🌠😉🇨🇴🇨🇴
@Axel-rs3cg 1 year ago
really well explained ✌🏽
@shayansec 1 year ago
Great vid...Just revised this vuln.
@suyunovjasurbek 6 months ago
I like your videos. Thanks Mrs
@sintayehutsegayeworku1855 1 year ago
Thank You for doing this
@AamirAr-b2n 1 year ago
Great job, Thank you from 🇵🇰
@paulojr1384 1 year ago
Thank you Hana
@FaultyGlitch 1 year ago
Thank you
@nibrasmuhammed5105 1 year ago
@rana khalil. 19:58 on this video, it is not vulnerable at all. I will tell the implementations. 1) Every request comes through a middleware which checks the JWT. If the JWT is altered, they will never get this function. Since we are getting the id from the JWT, we can ensure that the request comes from the owner of the account. If someone altered the id field of the JWT, the middleware returns the request. Hope you get it.
@kit4unez 1 year ago
No. How does authentication middleware prevent an attacker from exploiting this piece of code? Even if I am authenticated as user1 and order with id 2 (for example) was created by user2, I still can make a DELETE request to /orders/2/ and delete that order, because there was no access control in that piece of code.
@nibrasmuhammed5105 1 year ago
@kit4unez talking about IDOR?
@richardIambert 1 month ago
I think the purpose of the code review was to get people thinking about some of the ways in which broken auth vulnerabilities can be introduced into an app. Later in the video (~30:00), Rana explains that the vulnerability introduced by this code could be mitigated by performing access control checks elsewhere in the application, which checking the contents and integrity of a JWT in middleware would be an example of.
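
The point argued in the thread above, as an added example (not code from the video or from any commenter): token verification in middleware establishes who is calling, while deleting `/orders/2/` safely also needs a per-object ownership check. The HMAC token is a simplified stand-in for a JWT, and the handler names, key and order data are constructed for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"      # constructed value, demo only
ORDERS = {1: "user1", 2: "user2"}     # order id -> owner (constructed data)


def sign(user_id: str) -> str:
    """Issue a token 'user_id.signature' (simplified stand-in for a JWT)."""
    mac = hmac.new(SECRET, user_id.encode(), hashlib.sha256).hexdigest()
    return f"{user_id}.{mac}"


def authenticate(token: str):
    """Middleware step: return the user id if the signature verifies, else None."""
    user_id, _, mac = token.rpartition(".")
    expected = hmac.new(SECRET, user_id.encode(), hashlib.sha256).hexdigest()
    return user_id if hmac.compare_digest(mac.encode(), expected.encode()) else None


def delete_order_unchecked(token: str, order_id: int, orders: dict) -> int:
    """Authenticated but not authorized: any valid user can delete any order."""
    if authenticate(token) is None:
        return 401
    if order_id not in orders:
        return 404
    del orders[order_id]
    return 204


def delete_order_checked(token: str, order_id: int, orders: dict) -> int:
    """Same handler with an object-level ownership check added."""
    user = authenticate(token)
    if user is None:
        return 401
    # Same 404 for "missing" and "not yours", so order ids are not enumerable.
    if orders.get(order_id) != user:
        return 404
    del orders[order_id]
    return 204
```

A tampered token is rejected by both handlers, so the middleware does its job; only the second handler stops a correctly authenticated user1 from deleting user2's order.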
@css2165 1 year ago
great video. will you upload ctf examples?
@rahulgogra7089 1 year ago
please make a video on the extension.🙏
@mohamedmahrous9500 1 year ago
thank you ❤❤
@Donut-qt9mr 1 year ago
thank you for the valuable content
@gajendraupadhyay6740 1 year ago
It's really good...👍👍keep it up..
@tnt7298 1 year ago
Could u upload whole videos which comes under "Access Control vulnerabilities"?
@kanimani8226 1 year ago
Rana I love your content hope you all best. What about the OSWE, and your progress? Have you size it?
@brudora3096 1 year ago
Thanks those videos ❤❤
@balasubramaniamgopal8437 1 year ago
Brilliant !!
@amin_alaa 1 year ago
thanks
@chowdhurytowhidahmed7780 1 year ago
Love from by heart
@CRYSTAL-fd4fw 8 months ago
Mashallah sister
@TheBlackmanIsGod 1 year ago
So access control is like permissions????
@saadeddine6418 1 year ago
thank you sister you the best
@css2165 1 year ago
perfection
@rolamahmoud9678 1 year ago
May God give you strength, Miss Rana. I wish you would make videos in Arabic, and thank you.
@sakura-gd8nh 4 months ago
Where can I use the lab is it free?????
@Shintowel 1 year ago
Love u sister please how to use autorize
@omarkalom1962 1 year ago
Thanks from 🇮🇱✌️
@noorrehman6344 1 year ago
Please make web hacking course for udemy
@ctc8998 7 months ago
bring back cortex
@Matinirx 1 year ago
🤘🏻👌
@gaelslv2068 3 months ago
She is Arab, it is clear from the voice
@Omar0x_7 9 months ago
If only this explanation were in Arabic
@sayantandatta2996 1 year ago
Kindly update the mic or speak louder please
@Aquax1000 11 days ago
Do something with your voice
@TheCyberWarriorGuy 1 year ago
:)
@Love-yv1fc 1 year ago
Thank you❤