Technology cybersecurity Web Development
It's Steiner254
It's Steiner254

@Steiner254

22 Tweets 25 reads Dec 06, 2022
Twitter
Day 1⃣2⃣/2⃣0⃣ -- [Broken Access Control Vulnerabilities & Broken Authentication and Session Management]
➡️ Detecting & Exploiting IDOR, Privilege Escalation e.t.c
➡️ Below some of the best Tips & References (Feel Free To Share)🧵🧵👇👇
🧵🧵👇👇
#BugBounty
#bugbountytips
0/n
Insecure Direct Object References (IDOR)
@Steiner254/insecure-direct-object-references-idor-16bf0b981b90" target="_blank" rel="noopener" onclick="event.stopPropagation()">medium.com
Insecure Direct Object References (IDOR)
medium.com/@Steiner254/in…

Insecure Direct Object References (IDOR)

~ In this article we will cover:
1/n
The rise of IDOR by @Hacker0x01
hackerone.com
The Rise of IDOR
hackerone.com/company-news/r…

The Rise of IDOR

Insecure Direct Object References (or IDOR) is a simple bug that packs a punch. Discover where they’...
2/n
Top 25 IDOR Bug Bounty Reports
corneacristian.medium.com
Top 25 IDOR Bug Bounty Reports
corneacristian.medium.com/top-25-idor-bu…

Top 25 IDOR Bug Bounty Reports

In this article, we will discuss IDOR vulnerability, how to find one and present 25 disclosed report...
3/n
Portswigger access control vulnerabilities
portswigger.net
Access control vulnerabilities and privilege escalation | Web Security Academy
portswigger.net/web-security/a…

Access control vulnerabilities and privilege escalation | Web Security Academy

In this section, we will discuss what access control security is, describe privilege escalation and...
4/n
A01:2021 – Broken Access Control
owasp.org
owasp.org/Top10/A01_2021…

A01 Broken Access Control - OWASP Top 10:2021

OWASP Top 10:2021
5/n
Using match replace and Authmatrix
youtube.com
6/n
Finding your first IDOR Vulnerability by @InsiderPhD
youtube.com
7/n
Burp Suite tutorial: IDOR vulnerability automation using Autorize and AutoRepeater (bug bounty)
by @stokfredrik
youtube.com
8/n
TIP:
9/n
TIP:
10/n
TIP:
11/n
TIP:
12/n
TIP:
13/n
Broken Authentication on the login page
youtube.com
14/n
What is IDOR Vulnerability, and how does it affect you?
infosecwriteups.com
What is IDOR Vulnerability, and how does it affect you?
infosecwriteups.com/what-is-idor-v…

What is IDOR Vulnerability, and how does it affect you?

IDOR stands for insecure direct object reference
15/n
HTTP Cookie Hijacking in the Wild: Security and Privacy Implications
youtube.com
16/n
Session Hijacking Attack | Session ID and Cookie Stealing | SideJacking
youtube.com
17/n
SESSION DOES NOT EXPIRE AFTER PASSWORD CHANGE
forum.portswigger.net
forum.portswigger.net/thread/session…

SESSION DOES NOT EXPIRE AFTER PASSWORD CHANGE - Burp Suite User Forum

Description: On changing password both session using which user changes password and old sessions in...
18/n
Failure to invalidate session on logout leads to Account TakeOver
19/n
Failure to Invalidate Session on Logout
gaya3-r.medium.com
gaya3-r.medium.com/failure-to-inv…

Failure to Invalidate Session on Logout

Vulnerability Category: A5-Broken Access Control
n/n
Practice Makes Perfect!
Stay Ethical & Happy Hacking :)
See you here same time tomorrow!

Categories

Technology cybersecurity Web Development

Some tweets missing

Loading suggestions...