Broken Access Control | Complete Guide

Рет қаралды 57,399

Күн бұрын

Пікірлер: 58

@RanaKhalil101 2 жыл бұрын

📚📚 Don't want to wait for the weekly release schedule to gain access to all the videos and want to be added to a discord server where you can ask questions? Make sure to sign up to my course: bit.ly/30LWAtE

@Stephanus21 2 жыл бұрын

I know about you for a while now, just started with your videos , but I have to say you are one amazing teacher. Your soft voice and deep knowledge of the subject makes it a lot easier for me. Thank you so much. I will definitely buy your courses.

@LeenPh Жыл бұрын

This is gold! I've understood many concepts and solved 40+ labs on the academy website, thanks to your content. I think I won't miss any single video on this channel! Wish you all the best ❤❤❤

@nibrasmuhammed5105 Жыл бұрын

@rana khalil. 19:58 on this video, it is not vulnerable at all. I will tell the implementations. 1) Every request comes through a middleware which checks the jwt. if the jwt is altered, they will never get this function. since we are getting the id from jwt, we can ensure that the request comes from the owner of the the account. if someone altered id field of jwt, middleware return the request. hope you get it.

@kit4unez Жыл бұрын

No. How does authentication middleware prevents attacker to exploit this piece of code? Even if I am authenticated as user1 and order with id 2 (for example) was created by user2, I still can make a DELETE request to /orders/2/ and delete that order, because there was no access control in that piece of code

@nibrasmuhammed5105 Жыл бұрын

@@kit4unez talking about IDOR?

@richardIambert 4 ай бұрын

I think the purpose of the code review was to get people thinking about some of the ways in which broken auth vulnerabilites can be introduced into an app. Later in the video (~30:00), Rana explains that the vulnerability introduced by this code could be mitigated by performing access control checks elsewhere in the application, which checking the contents and integrity of a JWT in middleware would be an example of.

@ECHoBEaTS2024-et Жыл бұрын

Am totally new for IT field, am accountant in the banking industry. But now am learning computer science to be a hacker. I first see you in "David Bombal" KZbin channel interview and now am your follower. Thank You for Doing This (I really want to buy your course but I can't I am in Ethiopia.

@gangsternerd8419 2 жыл бұрын

Nobody teach as good as you, you make this thing easy to learn thanks Rhana❤

@1990shahid 2 жыл бұрын

Thank you for the work you've put into making this 🙏🏾

@hdammotowa9695 2 жыл бұрын

This is my first video, I understood everything and I can't wait for the practical explanation شكرا

@uselessvids5872 3 ай бұрын

this is really great. keep up the good work!

@MFoster392 2 жыл бұрын

I love your videos they're so helpful :)

@mohmino4532 Жыл бұрын

in fact is that I find it difficult to understand everything cuz my English skills are not perfect, but I do my best, and u still the number one to me tho .. so thx so much ma teacher تحية اليك من الجزائر .

@ahmedmouad344 2 жыл бұрын

Finally Ur back again and on time cause i finish my finals soon 🥰

@snowden-IT 2 жыл бұрын

يعجبني حماسك والمثابرة شكرا على هذا الشرح

@maakthon5551 Жыл бұрын

Simple and forward , Thanks!

@Axel-rs3cg Жыл бұрын

really well explained ✌🏽

@lifeofsq5653 Жыл бұрын

Hi Rana, Want to see how you are using Autorize in burpsuite to check for access contorl bypass

@Ahmed-s3d5u 5 ай бұрын

thank you for course ❤❤❤

@MrBlackhats 2 жыл бұрын

yes make plz a bonus video about this topic!! thanks

@riteshasthana7824 Жыл бұрын

Thank you mam for such informative videos

@xbaleks4609 2 жыл бұрын

Chokrane Bzaff ! Thank You so much !

@rahulgogra7089 Жыл бұрын

please make a video on the extension.🙏

@css2165 2 жыл бұрын

great video. will you upload ctf examples?

@AamirAr-b2n Жыл бұрын

Great job, Thank you from 🇵🇰

@shayansec 2 жыл бұрын

Great vid...Just revised this vuln.

@Davidgonzalez-tp4ew 2 жыл бұрын

La explicación es muy clara, excelente video 🌄🌠😉🇨🇴🇨🇴

@gajendraupadhyay6740 2 жыл бұрын

Its really good...👍👍keep it up..

@kanimani8226 2 жыл бұрын

Rana I love your content hope you all best What about the OSWE , and your progress ? Have you size it ?

@ECHoBEaTS2024-et Жыл бұрын

Thank You for doing this

@paulojr1384 2 жыл бұрын

Thank you Hana

@Donut-qt9mr Жыл бұрын

thanksyou for the valueable content

@tnt7298 2 жыл бұрын

Could u upload whole videos which comes under "Access Control vulnerabilities"?

@TheBlackmanIsGod Жыл бұрын

So access control is like permissions????

@balasubramaniamgopal8437 Жыл бұрын

Brilliant !!

@suyunovjasurbek 9 ай бұрын

i like you'r vedios. thanks Mrs

@brudora3096 2 жыл бұрын

Thanks those videos ❤❤

@Love-yv1fc 2 жыл бұрын

Thank you❤

@sakura-gd8nh 8 ай бұрын

Where can I use the lab is it free?????

@FaultyGlitch Жыл бұрын

Thank you

@Shintowel 2 жыл бұрын

Love u sister please how to use autorize

@rolamahmoud9678 Жыл бұрын

يعطيكي العافية انسة رنا يا ريت تعملي فيديوهات بالعربي وشكرا

@chowdhurytowhidahmed7780 2 жыл бұрын

Love from by heart

@amin_alaa Жыл бұрын

thanks

@saadeddine6418 Жыл бұрын

think you sister you the best

@css2165 2 жыл бұрын

perfection

@omarkalom1962 Жыл бұрын

Thanks from 🇮🇱✌️

@Lion_playerrr 11 ай бұрын

Mashalla sesiter

@noorrehman6344 2 жыл бұрын

Please make web hacking course for udemy

@Omar0x_7 Жыл бұрын

يا لو الشرح ده بالعربي

@gaelslv2068 6 ай бұрын

عربيه واضح من الصوت

@ctc8998 10 ай бұрын

bring back cortex

@Matinirx Жыл бұрын

🤘🏻👌

@Aquax1000 3 ай бұрын

Do something with your voice

@TheCyberWarriorGuy Жыл бұрын

@sayantandatta2996 Жыл бұрын

Kindly update theic or speak louder please

@mohamedmahrous9500 Жыл бұрын

thank you ❤❤