Part I: Bug Bounty Hunting for IDORs and Access Control Violations

Authenticated testing on Starbucks' public bug bounty program on HackerOne, focusing on identifying IDORs and access control violations. Includes an overview of IDORs versus access control issues.

rs0n_live
81.6K views • Dec 10, 2023

About this video

Authenticated testing on Starbucks' public bug bounty program on HackerOne, searching for IDORs and access control violations.

00:00 - IDOR vs Access Control Violation
07:29 - Choosing a Program
09:55 - Taking Notes is Mandatory
12:06 - Registering Accounts
18:59 - Locating Attack Vectors in Cookies
25:31 - Identifying Important Cookies
26:45 - How to Use Pointers
28:30 - Testing for IDORs in JWTs
39:14 - Identifying Mechanisms
46:40 - Avoiding False Positives
57:11 - Identifying Objects
1:00:14 - Testing for IDORs in APIs
1:10:30 - Grouping Mechanisms By Client ID Process
1:23:01 - Best-Case Scenario for IDORs

Hire Me! - https://ars0nsecurity.com
Watch Live! - https://twitch.tv/rs0n_live
Free Tools! - https://github.com/R-s0n
Connect! - https://www.linkedin.com/in/harrison-richardson-cissp-oswe-msc-7a55bb158/


Video Information

Views: 81.6K
Likes: 3.3K
Duration: 01:33:18
Published: Dec 10, 2023

User Reviews

4.7 (16)
