Broken Access Control | Complete Guide

46,472 views

Rana Khalil

1 day ago

In this video, we cover the theory behind access control vulnerabilities, how to find them from both a white-box and a black-box perspective, how to exploit them, and how to prevent them.
▬ ✨ Support Me ✨ ▬▬▬▬▬▬▬▬▬▬
Buy my course: bit.ly/30LWAtE
▬ 📖 Contents of this video 📖 ▬▬▬▬▬▬▬▬▬▬
00:00 - Introduction
00:28 - Web Security Academy Course (bit.ly/30LWAtE)
01:39 - Agenda
02:25 - What is Broken Access Control?
22:50 - How to Find Access Control Vulnerabilities?
30:29 - How to Exploit Access Control Vulnerabilities?
34:40 - How to Prevent Access Control Vulnerabilities?
39:00 - Resources
39:15 - Thank You
▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬
Video slides: github.com/rkh...
Web Security Academy OS Command Injection: portswigger.ne...
Cross-Origin Resource Sharing Playlist: • Cross-Origin Resource ...
Rana's Twitter account: / rana__khalil
Hacker Icons made by Freepik: www.freepik.com

Comments: 55
@RanaKhalil101 1 year ago
📚📚 Don't want to wait for the weekly release schedule to gain access to all the videos, and want to be added to a Discord server where you can ask questions? Make sure to sign up for my course: bit.ly/30LWAtE
@Stephanus21 1 year ago
I have known about you for a while now and just started with your videos, but I have to say you are one amazing teacher. Your soft voice and deep knowledge of the subject make it a lot easier for me. Thank you so much. I will definitely buy your courses.
@user-gn7hh3zw6n 8 months ago
This is gold! I've understood many concepts and solved 40+ labs on the academy website thanks to your content. I think I won't miss a single video on this channel! Wish you all the best ❤❤❤
@sintayehutsegayeworku1855 1 year ago
I'm totally new to the IT field; I'm an accountant in the banking industry. But now I'm learning computer science to become a hacker. I first saw you in the "David Bombal" YouTube channel interview and now I'm your follower. Thank you for doing this. (I really want to buy your course but I can't, I am in Ethiopia.)
@gangsternerd8419 1 year ago
Nobody teaches as well as you; you make this thing easy to learn. Thanks Rana ❤
@1990shahid 1 year ago
Thank you for the work you've put into making this 🙏🏾
@user-iz8ww4bj4v 3 days ago
Thank you for the course ❤❤❤
@mohmino4532 8 months ago
The fact is that I find it difficult to understand everything because my English skills are not perfect, but I do my best, and you are still number one to me though. So thanks so much, my teacher. Greetings to you from Algeria.
@hdammotowa9695 1 year ago
This is my first video; I understood everything and I can't wait for the practical explanation. Thank you.
@MFoster392 1 year ago
I love your videos, they're so helpful :)
@snowden-IT 1 year ago
I like your enthusiasm and perseverance. Thank you for this explanation.
@lifeofsq5653 10 months ago
Hi Rana, I want to see how you use Autorize in Burp Suite to check for access control bypasses.
@ahmedmouad344 1 year ago
Finally you're back again, and on time, because I finish my finals soon 🥰
@maakthon5551 1 year ago
Simple and straightforward, thanks!
@nibrasmuhammed5105 1 year ago
@rana khalil, at 19:58 in this video, it is not vulnerable at all. I will tell you the implementation. 1) Every request comes through a middleware which checks the JWT. If the JWT is altered, they will never get to this function. Since we are getting the id from the JWT, we can ensure that the request comes from the owner of the account. If someone altered the id field of the JWT, the middleware returns the request. Hope you get it.
@kit4unez 1 year ago
No. How does authentication middleware prevent an attacker from exploiting this piece of code? Even if I am authenticated as user1 and the order with id 2 (for example) was created by user2, I can still make a DELETE request to /orders/2/ and delete that order, because there was no access control in that piece of code.
@nibrasmuhammed5105 1 year ago
@kit4unez talking about IDOR?
@MrBlackhats 1 year ago
Yes, please make a bonus video about this topic!! Thanks
@xbaleks4609 1 year ago
Thanks a lot! Thank you so much!
@Axel-rs3cg 1 year ago
Really well explained ✌🏽
@riteshasthana7824 7 months ago
Thank you ma'am for such informative videos
@Davidgonzalez-tp4ew 1 year ago
The explanation is very clear, excellent video 🌄🌠😉🇨🇴🇨🇴
@suyunovjasurbek 4 months ago
I like your videos. Thanks, Mrs.
@shayansec 1 year ago
Great vid... Just revised this vuln.
@gajendraupadhyay6740 1 year ago
It's really good... 👍👍 Keep it up.
@rahulgogra7089 1 year ago
Please make a video on the extension. 🙏
@sintayehutsegayeworku1855 1 year ago
Thank you for doing this
@user-rs3nv6yu7s 1 year ago
Great job, thank you from 🇵🇰
@FaultyGlitch 1 year ago
Thank you
@paulojr1384 1 year ago
Thank you Rana
@css2165 1 year ago
Great video. Will you upload CTF examples?
@CRYSTAL-fd4fw 6 months ago
Mashallah sister
@balasubramaniamgopal8437 1 year ago
Brilliant!!
@mohamedmahrous9500 1 year ago
Thank you ❤❤
@Donut-qt9mr 1 year ago
Thank you for the valuable content
@amin_alaa 1 year ago
Thanks
@kanimani8226 1 year ago
Rana, I love your content, I hope you all the best. What about the OSWE and your progress? Have you seized it?
@Love-yv1fc 1 year ago
Thank you ❤
@brudora3096 1 year ago
Thanks for those videos ❤❤
@tnt7298 1 year ago
Could you upload all the videos that come under "Access Control vulnerabilities"?
@TheBlackmanIsGod 11 months ago
So access control is like permissions????
@chowdhurytowhidahmed7780 1 year ago
Love from my heart
@rolamahmoud9678 1 year ago
More power to you, Miss Rana. I wish you would make videos in Arabic. Thank you.
@css2165 1 year ago
Perfection
@sakura-gd8nh 3 months ago
Where can I use the lab? Is it free?????
@saadeddine6418 1 year ago
Thank you sister, you're the best
@Shintowel 1 year ago
Love you sister, please, how do I use Autorize?
@omarkalom1962 1 year ago
Thanks from 🇮🇱✌️
@gaelslv2068 1 month ago
She's Arab, it's clear from her voice.
@Omar0x_7 8 months ago
If only this explanation were in Arabic.
@ctc8998 5 months ago
Bring back Cortex
@noorrehman6344 1 year ago
Please make a web hacking course for Udemy
@Matinirx 1 year ago
🤘🏻👌
@TheCyberWarriorGuy 1 year ago
:)
@sayantandatta2996 11 months ago
Kindly update the mic or speak louder please