Part I: Bug Bounty Hunting for IDORs and Access Control Violations

Authenticated testing on Starbucks' public bug bounty program on HackerOne, focusing on identifying IDORs and access control violations. Includes an overview of IDORs versus access control issues.

rs0n_live•81.6K views•01:33:18

About this video

Authenticated Testing on Starbucks' public bug bounty program on HackerOne, searching for IDORs and Access Control violations.

00:00 - IDOR vs Access Control Violation
07:29 - Choosing a Program
09:55 - Taking Notes is Mandatory
12:06 - Registering Accounts
18:59 - Locating Attack Vectors in Cookies
25:31 - Identifying Important Cookies
26:45 - How to Use Pointers
28:30 - Testing for IDORs in JWTs
39:14 - Identifying Mechanisms
46:40 - Avoiding False Positives
57:11 - Identifying Objects
1:00:14 - Testing for IDORs in APIs
1:10:30 - Grouping Mechanisms By Client ID Process
1:23:01 - Best-Case Scenario for IDORs

Hire Me! - https://ars0nsecurity.com
Watch Live! - https://twitch.tv/rs0n_live
Free Tools! - https://github.com/R-s0n
Connect! - https://www.linkedin.com/in/harrison-richardson-cissp-oswe-msc-7a55bb158/

Video Information

Views: 81.6K
Likes: 3.3K
Duration: 01:33:18
Published: Dec 10, 2023
Quality: hd
