📚📚 Don't want to wait for the weekly release schedule to gain access to all the videos and want to be added to a discord server where you can ask questions? Make sure to sign up to my course: bit.ly/30LWAtE
I know about you for a while now, just started with your videos , but I have to say you are one amazing teacher. Your soft voice and deep knowledge of the subject makes it a lot easier for me. Thank you so much. I will definitely buy your courses.
This is gold! I've understood many concepts and solved 40+ labs on the academy website, thanks to your content. I think I won't miss any single video on this channel! Wish you all the best ❤❤❤
Am totally new for IT field, am accountant in the banking industry. But now am learning computer science to be a hacker. I first see you in "David Bombal" TH-cam channel interview and now am your follower. Thank You for Doing This (I really want to buy your course but I can't I am in Ethiopia.
@rana khalil. 19:58 on this video, it is not vulnerable at all. I will tell the implementations. 1) Every request comes through a middleware which checks the jwt. if the jwt is altered, they will never get this function. since we are getting the id from jwt, we can ensure that the request comes from the owner of the the account. if someone altered id field of jwt, middleware return the request. hope you get it.
No. How does authentication middleware prevents attacker to exploit this piece of code? Even if I am authenticated as user1 and order with id 2 (for example) was created by user2, I still can make a DELETE request to /orders/2/ and delete that order, because there was no access control in that piece of code
I think the purpose of the code review was to get people thinking about some of the ways in which broken auth vulnerabilites can be introduced into an app. Later in the video (~30:00), Rana explains that the vulnerability introduced by this code could be mitigated by performing access control checks elsewhere in the application, which checking the contents and integrity of a JWT in middleware would be an example of.
in fact is that I find it difficult to understand everything cuz my English skills are not perfect, but I do my best, and u still the number one to me tho .. so thx so much ma teacher تحية اليك من الجزائر .
📚📚 Don't want to wait for the weekly release schedule to gain access to all the videos and want to be added to a discord server where you can ask questions? Make sure to sign up to my course: bit.ly/30LWAtE
I know about you for a while now, just started with your videos , but I have to say you are one amazing teacher. Your soft voice and deep knowledge of the subject makes it a lot easier for me. Thank you so much. I will definitely buy your courses.
This is gold!
I've understood many concepts and solved 40+ labs on the academy website, thanks to your content.
I think I won't miss any single video on this channel!
Wish you all the best ❤❤❤
Nobody teach as good as you, you make this thing easy to learn thanks Rhana❤
Thank you for the work you've put into making this 🙏🏾
يعجبني حماسك والمثابرة شكرا على هذا الشرح
I love your videos they're so helpful :)
this is really great. keep up the good work!
Am totally new for IT field, am accountant in the banking industry. But now am learning computer science to be a hacker. I first see you in "David Bombal" TH-cam channel interview and now am your follower.
Thank You for Doing This (I really want to buy your course but I can't I am in Ethiopia.
This is my first video, I understood everything and I can't wait for the practical explanation شكرا
thank you for course ❤❤❤
@rana khalil. 19:58 on this video, it is not vulnerable at all. I will tell the implementations. 1) Every request comes through a middleware which checks the jwt. if the jwt is altered, they will never get this function. since we are getting the id from jwt, we can ensure that the request comes from the owner of the the account. if someone altered id field of jwt, middleware return the request. hope you get it.
No. How does authentication middleware prevents attacker to exploit this piece of code? Even if I am authenticated as user1 and order with id 2 (for example) was created by user2, I still can make a DELETE request to /orders/2/ and delete that order, because there was no access control in that piece of code
@@kit4unez talking about IDOR?
I think the purpose of the code review was to get people thinking about some of the ways in which broken auth vulnerabilites can be introduced into an app. Later in the video (~30:00), Rana explains that the vulnerability introduced by this code could be mitigated by performing access control checks elsewhere in the application, which checking the contents and integrity of a JWT in middleware would be an example of.
really well explained ✌🏽
Thank you mam for such informative videos
Simple and forward , Thanks!
La explicación es muy clara, excelente video 🌄🌠😉🇨🇴🇨🇴
Chokrane Bzaff !
Thank You so much !
Finally Ur back again and on time cause i finish my finals soon 🥰
in fact is that I find it difficult to understand everything cuz my English skills are not perfect, but I do my best, and u still the number one to me tho .. so thx so much ma teacher تحية اليك من الجزائر .
Thank you Hana
Thank You for doing this
yes make plz a bonus video about this topic!! thanks
Hi Rana, Want to see how you are using Autorize in burpsuite to check for access contorl bypass
thanksyou for the valueable content
Great vid...Just revised this vuln.
please make a video on the extension.🙏
Thank you
Thanks those videos ❤❤
Thank you❤
great video. will you upload ctf examples?
Its really good...👍👍keep it up..
Great job, Thank you from 🇵🇰
i like you'r vedios. thanks Mrs
thanks
Brilliant !!
Rana I love your content
hope you all best
What about the OSWE , and your progress ?
Have you size it ?
Could u upload whole videos which comes under "Access Control vulnerabilities"?
So access control is like permissions????
Love from by heart
Where can I use the lab is it free?????
يعطيكي العافية انسة رنا يا ريت تعملي فيديوهات بالعربي وشكرا
Love u sister please how to use autorize
Mashalla sesiter
think you sister you the best
perfection
Thanks from 🇮🇱✌️
Please make web hacking course for udemy
🤘🏻👌
يا لو الشرح ده بالعربي
عربيه واضح من الصوت
bring back cortex
:)
Do something with your voice
Kindly update theic or speak louder please
thank you ❤❤