Rage Against the IDOR's - Using Machine Learning Models to Detect and Stop Authorization Bypass Vulnerabilities
- 1 Intro
- 2 Overview
- 3 Other types of Authorization Bypass
- 4 A condition might allow ignoring a check
- 5 A condition might allow skipping a check
- 6 Detection: Typical detection approaches
- 7 Stopping the Whack-A-Mole
- 8 Starting from first principles
- 9 Predicting authorization results
- 10 Single authorization logic - Challenges
- 11 Using request signals
- 12 Using a Random Forest to predict result
- 13 Limitation of using backend signals
- 14 Relying on the server response
- 15 Caveats of using response data
- 16 Using the data
- 17 Creating bags of hashes
- 18 Learning patterns of access
- 19 Building the models
- 20 Training the models
- 21 Detecting & Blocking attacks
- 22 General notes
- 23 Questions?