The BBRE guy is the only person who cares about the eyesight of content consumers; he used large fonts which we can read easily.
@BugBountyReportsExplained (19 days ago)
You're welcome ;)
@KarahannAe (5 months ago)
18:24 If anyone else was also confused when he says POST-AUTH REDIRECT: he is talking about after the OAuth dance is over; he doesn't mean a POST-based OAuth flow.
@BugBountyReportsExplained (19 days ago)
I see how this can be confusing. Since then, I have changed how I say this part to "after-auth redirect" to be clearer.
@so3litude_ (5 months ago)
Even though the state parameter is present in the request, you should always check for CSRF. I've found many targets vulnerable to this. Most people leave as soon as they see the state parameter in the request. This happens because of a misconfig in the OAuth flow where it doesn't validate the state parameter server-side. It only checks whether it is present or not.
@deporison (5 months ago)
Also, login CSRF is still possible because we still have the state and we can send it to the user.
@BugBountyReportsExplained (5 months ago)
Very true! The presence doesn't mean it's checked.
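The failure mode discussed in the comments above (a callback that only checks that `state` is present, not that it matches the value bound to the user's session) next to the hardened version, as an added example that is not code from the video or from any commenter. Everything here is constructed: the in-memory session store, the `start_login`, `weak_callback` and `strict_callback` names, and the attacker/victim scenario in `demo()`.

```python
import hmac
import secrets
from typing import Dict

# Constructed in-memory session store: session_id -> session data.
# A real client would keep this server-side (signed cookie, Redis, DB session, ...).
_sessions: Dict[str, dict] = {}


def start_login(session_id: str) -> str:
    """Authorization-request step: mint an unguessable state and bind it to this session.

    The returned value goes into the `state` query parameter of the redirect to the
    authorization server; the same value is expected back on the callback.
    """
    state = secrets.token_urlsafe(32)
    _sessions.setdefault(session_id, {})["oauth_state"] = state
    return state


def weak_callback(session_id: str, query: Dict[str, str]) -> bool:
    """The misconfiguration from the thread: `state` is only checked for presence.

    Any non-empty state passes, so a callback URL prepared by another party
    (carrying their own valid state and code) is accepted in the victim's session.
    """
    return bool(query.get("state")) and bool(query.get("code"))


def strict_callback(session_id: str, query: Dict[str, str]) -> bool:
    """Hardened callback: `state` must equal the session-bound value.

    - missing state on either side -> reject
    - compared with hmac.compare_digest to avoid timing leaks
    - consumed on success so the same callback cannot be replayed
    """
    session = _sessions.get(session_id, {})
    expected = session.get("oauth_state")
    received = query.get("state")
    if not expected or not received:
        return False
    if not hmac.compare_digest(expected, received):
        return False
    if not query.get("code"):
        return False
    del session["oauth_state"]  # single use: a second callback with the same state fails
    return True


def demo() -> Dict[str, bool]:
    """Constructed scenario: the attacker completes their own OAuth dance and hands the
    resulting callback (their state + their code) to the victim's browser."""
    victim_state = start_login("victim")
    attacker_state = start_login("attacker")
    crafted = {"state": attacker_state, "code": "attacker-code"}  # constructed
    legit = {"state": victim_state, "code": "victim-code"}        # constructed
    return {
        "weak_accepts_crafted": weak_callback("victim", crafted),
        "strict_rejects_crafted": not strict_callback("victim", crafted),
        "strict_accepts_legit": strict_callback("victim", legit),
        "strict_rejects_replay": not strict_callback("victim", legit),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

When testing a target, the same distinction applies: swap the `state` for one minted in a different session and see whether the callback is still accepted; presence alone tells you nothing.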
@heller64 (5 months ago)
Most sites now use strict URL validation on redirect_uri; not even an extra dot can be added. BTW, thanks Greg.
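The "strict URL validation on redirect_uri" mentioned in the comment above, shown as an exact-match check against a registered allow-list next to the loose prefix check it replaces. This is an added example, not code from the video or from any commenter; the registered URI, the `loose_redirect_ok` / `strict_redirect_ok` names and the sample candidates are all constructed.

```python
from typing import Iterable

# Constructed allow-list of redirect URIs registered for one OAuth client.
REGISTERED_REDIRECTS = frozenset({"https://app.example.com/oauth/callback"})


def loose_redirect_ok(candidate: str,
                      registered: Iterable[str] = REGISTERED_REDIRECTS) -> bool:
    """The weak check: accept anything that *starts with* the registered origin.

    Shown only to contrast with the strict check: a prefix match treats
    "https://app.example.com.evil.test/..." as matching "https://app.example.com".
    """
    origins = {r.split("/oauth/", 1)[0] for r in registered}
    return any(candidate.startswith(origin) for origin in origins)


def strict_redirect_ok(candidate: str,
                       registered: Iterable[str] = REGISTERED_REDIRECTS) -> bool:
    """The strict check: exact string equality with a registered URI.

    No prefix matching, no normalisation, no added path segments, dots, ports,
    query strings or fragments. Anything not byte-for-byte registered is rejected.
    """
    return candidate in set(registered)


def classify(candidate: str) -> dict:
    """Return how the loose and strict checks each treat one candidate redirect_uri."""
    return {
        "candidate": candidate,
        "loose": loose_redirect_ok(candidate),
        "strict": strict_redirect_ok(candidate),
    }


if __name__ == "__main__":
    # Constructed candidates: the registered URI plus small variations of it.
    for uri in (
        "https://app.example.com/oauth/callback",
        "https://app.example.com./oauth/callback",        # the "extra dot"
        "https://app.example.com.evil.test/oauth/callback",
        "https://app.example.com/oauth/callback/../other",
        "http://app.example.com/oauth/callback",
    ):
        print(classify(uri))
```

The strict version is deliberately dumb: the security comes from refusing to be clever about "equivalent" URLs, which is exactly why an extra dot or path segment no longer gets through.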