🚨 Mastering Access Control Vulnerabilities | IDOR, Privilege Escalation & More (Hands-On Guide)
Access Control Vulnerabilities are among the most critical and commonly exploited web application security flaws. In this video, we dive deep into Broken Access Control, the #1 category in the OWASP Top 10, and explore how attackers exploit authorization weaknesses to gain unauthorized access to sensitive data and functionality.
📚 What You'll Learn:
- Understanding Access Control and Authorization
- Horizontal vs Vertical Privilege Escalation
- Insecure Direct Object References (IDOR)
- Unprotected Admin Functionality
- Parameter-Based Access Control Issues
- Role Manipulation Vulnerabilities
- Forced Browsing & Hidden Endpoints
- Real-World Attack Scenarios
- Hands-On PortSwigger Web Security Academy Labs
- Testing Methodology Using Burp Suite
- Mitigation & Secure Development Practices
🎯 Perfect For:
Bug Bounty Hunters
Penetration Testers
Security Engineers
Web Application Developers
Students Preparing for eWPT, eWPTX, BSCP, OSWE and HTB (CWEE & CWES)
📌 CHAPTER TIMESTAMPS
━━━━━━━━━━━━━━━━━━━
00:00 – Channel Introduction
00:06 – Educational Disclaimer
00:14 – Video Overview
00:25 - Why this video series?
01:49 - Study Guide for Access Control Vulnerabilities
02:27 - What is Authentication, Session Management & Access Control?
07:02 - Lab1: Unprotected admin functionality
11:20 - Lab2: Unprotected admin functionality with unpredictable URL
15:10 - Lab3: User role controlled by request parameter
17:55 - Lab4: User role can be modified in user profile
25:19 - Lab5: User ID controlled by request parameter
28:40 - Lab6: User ID controlled by request parameter, with unpredictable user IDs
35:46 - Lab7: User ID controlled by request parameter with data leakage in redirect
39:36 - Lab8: User ID controlled by request parameter with password disclosure
43:24 - Lab9: Insecure direct object references (IDOR)
47:13 - Lab10: URL-based access control can be circumvented
53:50 - Lab11: Method-based access control can be circumvented
1:11:08 - Lab12: Multi-step process with no access control on one step
1:16:32 - Lab13: Referer-based access control
1:21:50 - Wrap-Up & Final thoughts
━━━━━━━━━━━━━━━━━━━
🛠️ Labs Covered:
https://portswigger.net/web-security/all-labs#access-control-vulnerabilities
👍 If you found this video helpful, don't forget to Like, Share, and Subscribe for more cybersecurity content, HTB walkthroughs, PortSwigger labs, certification journeys, and bug bounty tutorials. @cyber
#cybersecurity #accesscontrol #idor #privilegeescalation #bugbounty #websecurity #owasp #burpsuite #portswigger #PortSwiggerlabs #ethicalhacking #PenetrationTesting #webappsecurity #bughunter #securitytesting #owasptop10 #BrokenAccessControl #htb #oscp #eWPT #eWPTX #BugBountyHunter #appsec #infosec #informationsecurity #bugbountytips #applicationsecurity
Join this channel to get access to perks:
https://www.youtube.com/channel/UCCtFKWNX3RDtpTp4RjQbuPw/join
Video 🚨 Mastering Access Control Vulnerabilities | IDOR, Privilege Escalation & More (Hands-On Guide) from the channel Cyber Adam
Video information
June 13, 2026, 9:00:35
01:22:25