Skip to contentRU

Talk type: Master class

Безопасность

Date: 08.11 / Start: 00:00 – Finish: 00:00

IDOR (BOLA) vulnerability search

Talk in Russian

Presentation pdf

You usually start with pentest by trying passwords from some service (brute force) and searching for XSS by adding <img src=x onerror=alert('XSS');> to the fields.

But the best place to start is with IDOR (BOLA). This vulnerability is very simple and is often found in different services. We will learn how to do it in this tutorial.

#idor
#owasp_top_10
#pentest
#security

Speakers

Anna Vasilyeva
Company: ATI.SU

Invited experts

Anna Pravotorova
Company: ATI.SU

Other talks on «Безопасность»
- Watch recording
  Talk type: Talk
  API security testing: cases, tools and recommendations
  Ramazan Ramazanov
  Company: DeteAct
  Talk in Russian
- Watch recording
  Talk type: Talk
  Adding scripting language support to AFL and LibFuzzer with Lua as an example
  Sergey Bronnikov
  Company: VK/Tarantool
  Talk in Russian
- Watch recording
  Talk type: Talk
  Security analysis of Windows applications
  Vasily Burov
  Company: Kaspersky
  Talk in Russian