Learn about broken access control testing in this comprehensive video from Bugcrowd University. Explore various types of access control vulnerabilities, including Insecure Direct Object References (IDOR), Local File Inclusion, Path Traversal, and logic flaws. Discover techniques for identifying and exploiting these vulnerabilities, such as parameter manipulation and forceful browsing. Gain insights into using tools like Burp Intruder for testing, and understand how to rate vulnerabilities using the Bugcrowd VRT. Delve into specific topics like GUID-based and hash-based IDORs, request methods, and auxiliary tips for effective testing. Perfect for aspiring white hat hackers and bug bounty hunters looking to enhance their skills in identifying and reporting access control issues.
Bugcrowd University - Broken Access Control Testing
Overview
Syllabus
Intro
Module Trainer
Module Outline
Module Reading
Introduction to Access Control bugs
Simple numeric IDOR
Bugcrowd VRT Rating
GUID based IDOR (cont.)
Hash based IDOR
Request methods
Local File Inclusion and Path Traversal
Static pages & "forceful browsing"
Static files
Direct function calling
Parameter Manipulation
Logic Flaws
Auxiliary Tips
Likely parameters/keyword to check for IDOR
COTS, OSS, and paywalled applications
Create a function matrix for MFLAC
Burp Intruder
References
Taught by
Bugcrowd
