2017 OWASP Top 10: Broken Access Control
- Published on 27 Jun 2024
- New 2021 OWASP Lightboard Series:
• 2021 OWASP Top Ten
Video 5/10 on the 2017 OWASP Top Ten Security Risks.
John Wagnon discusses the details of the #5 vulnerability listed in this year's OWASP Top 10 Security Risks: Broken Access Control. Learn about this security risk and how to guard against it.
community.f5.com/articles/lig... - Science & Technology
Very nicely explained, in easy language and easy to understand.
Glad you enjoyed it!
Thanks.
This is a great tutorial series on OWASP for beginners.
Glad you enjoyed it!
You are advanced.
Waiting for A6. Hoping for more offensive examples rather than defensive (security measures).
Awesome explanation. Just one question: how are you able to write in mirror image form?
You can see how we do it here: th-cam.com/video/U7E_L4wCPTc/w-d-xo.html
You are awesome!!
Can we have an IDOR and missing functional level access control explanation?
For Broken Access Control, you mentioned only the URL manipulation, but even the session can be replaced and manipulated to break the access control. This is just my guess.
You mention that WAF can help on this. Can you give some examples how it can assist? Does it assist in a similar way as DAST or SAST?
Here are a couple of videos on how WAFs can assist:
th-cam.com/video/p8CQcF_9280/w-d-xo.html
th-cam.com/video/HBbDKBV4QW0/w-d-xo.html
Also, here's one on how DAST/SAST technology can work together with a WAF to secure web applications: th-cam.com/video/dOytmYk9Lhw/w-d-xo.html
Hope this helps!
He's great at writing backwards
This is how we produce the Lightboard Lessons: th-cam.com/video/U7E_L4wCPTc/w-d-xo.html
Is there any difference between access control and authorisation?
Like he said, authorisation is verifying the user, whereas access control is taking access of unwanted data.
@roxor0758 isn't quite right. In this video, he's using access control to mean authorization. Verifying a user is who they claim to be is _authentication_. Verifying an authenticated user has access to a particular resource or service is authorization (or access control).
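A worked illustration of the distinction drawn in the reply above (authentication identifies the caller; authorization decides what that caller may reach), and of the URL-manipulation case raised earlier in the thread. This is added example code, not code from the video, the F5 article, or any commenter; the session tokens, users, invoice records and routes are all constructed sample data.

```python
# Added example: a minimal request handler that separates authentication
# (who is the caller?) from authorization / access control (may this
# caller reach this resource?), with the "missing check" pattern shown
# beside the fixed one. All sessions, users, invoices and paths are
# constructed sample data, not from any real application.
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    user_id: int
    role: str  # "user" or "admin"


# Constructed sample state: session token -> authenticated user, and
# invoice id -> record carrying its owner's user_id.
SESSIONS = {
    "sess-alice": User(user_id=1, role="user"),
    "sess-bob": User(user_id=2, role="user"),
    "sess-root": User(user_id=99, role="admin"),
}
INVOICES = {
    1001: {"owner": 1, "total": 120},
    1002: {"owner": 2, "total": 75},
}


class AuthenticationError(Exception):
    """The caller could not be identified (no valid session)."""


class AuthorizationError(Exception):
    """The caller is identified but not allowed to reach this resource."""


def authenticate(session_token: str) -> User:
    """Authentication: resolve a presented session token to a known user."""
    user = SESSIONS.get(session_token)
    if user is None:
        raise AuthenticationError("unknown or expired session")
    return user


def get_invoice_insecure(session_token: str, invoice_id: int) -> dict:
    """Broken access control: the caller is authenticated, but the handler
    never checks that the invoice belongs to them. Any logged-in user who
    edits the id in the URL reads another customer's invoice (an IDOR)."""
    authenticate(session_token)
    return INVOICES[invoice_id]


def get_invoice(session_token: str, invoice_id: int) -> dict:
    """Fixed: authenticate, then enforce object-level access control by
    comparing the record's owner with the authenticated user."""
    user = authenticate(session_token)
    invoice = INVOICES.get(invoice_id)
    # Deny on missing records as well, so that probing ids cannot tell
    # "does not exist" apart from "not yours".
    if invoice is None or (invoice["owner"] != user.user_id and user.role != "admin"):
        raise AuthorizationError("not permitted to read this invoice")
    return invoice


def admin_info(session_token: str) -> dict:
    """Function-level access control: the /admin-info handler checks the
    role server-side instead of relying on the link being hidden from the UI."""
    user = authenticate(session_token)
    if user.role != "admin":
        raise AuthorizationError("admin role required")
    return {"users": len(SESSIONS), "invoices": len(INVOICES)}


def handle_request(session_token: str, path: str) -> tuple:
    """Tiny router mapping (token, path) to an HTTP-style (status, body),
    keeping 401 (not authenticated) distinct from 403 (not authorized)."""
    try:
        if path == "/admin-info":
            return 200, admin_info(session_token)
        m = re.fullmatch(r"/invoices/(\d+)", path)
        if m:
            return 200, get_invoice(session_token, int(m.group(1)))
        return 404, "no such route"
    except AuthenticationError as exc:
        return 401, str(exc)
    except AuthorizationError as exc:
        return 403, str(exc)


if __name__ == "__main__":
    for token, path in [("sess-alice", "/invoices/1001"),
                        ("sess-alice", "/invoices/1002"),
                        ("sess-alice", "/admin-info"),
                        ("sess-root", "/admin-info"),
                        ("bogus", "/invoices/1001")]:
        print(token, path, "->", handle_request(token, path))
```

The point of the two invoice handlers is that both call `authenticate`, so a logged-in session is required either way; only the second one makes an authorization decision, which is the check whose absence the video's "broken access control" label describes. A WAF can block obviously malformed requests, but it cannot know which user owns invoice 1002, so the ownership and role checks have to live in the application.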
Isn't webapp.com/admin-info a sensitive data exposure example?
F5 WAF can solve this issue; just make sure of the tuning of the WAF.
Could you help me? Actually, I can't absorb your voice; I can't understand because you speak so fluently.