Rage Against the IDOR's - Using Machine Learning Models to Detect and Stop Authorization Bypass Vulnerabilities

Rage Against the IDOR's - Using Machine Learning Models to Detect and Stop Authorization Bypass Vulnerabilities

nullcon via YouTube Direct link

General notes

22 of 23

22 of 23

General notes

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Rage Against the IDOR's - Using Machine Learning Models to Detect and Stop Authorization Bypass Vulnerabilities

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 Overview
  3. 3 Other types of Authorization Bypass
  4. 4 A condition might allow ignoring a check
  5. 5 A condition might allow skipping a check
  6. 6 Detection: Typical detection approaches
  7. 7 Stopping the Whack-A-Mole
  8. 8 Starting from first principles
  9. 9 Predicting authorization results
  10. 10 Single authorization logic - Challenges
  11. 11 Using request signals
  12. 12 Using a Random Forest to predict result
  13. 13 Limitation of using backend signals
  14. 14 Relying on the server response
  15. 15 Caveats of using response data
  16. 16 Using the data
  17. 17 Creating bags of hashes
  18. 18 Learning patterns of access
  19. 19 Building the models
  20. 20 Training the models
  21. 21 Detecting & Blocking attacks
  22. 22 General notes
  23. 23 Questions?

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.