Hunting for IDORs with Katie Paxton-Fear
▬▬▬▬▬▬ TIMESTAMPS ⏰ ▬▬▬▬▬▬
00:03:24 Katie's presentation starts

▬▬▬▬▬▬ Abstract & Bio 📝 ▬▬▬▬▬▬
Anyone who has watched Katie before knows that IDORs (Insecure Direct Object References) are some of her favourite bugs. Often caused by a single missing if statement, these little bugs can have devastating impacts, and even worse, they are everywhere! In this talk, she'll go through the what, where, how, and fixes of these tricky bugs, giving you the ultimate IDOR / BOLA (Broken Object Level Authorisation) / BFLA (Broken Function Level Authorisation) methodology: how it can be automated and how it can't, the fixes for some of these vulnerabilities, why even with all of this they're still some of the most common bugs to find, and why they're worth looking for.

OUR GUEST: Katie Paxton-Fear
Katie is an Application Security Engineer at Bugcrowd, a Lecturer at Manchester Metropolitan University and a Ph.D. student, but she's far better known for her hobbies. On evenings and weekends, she hunts bugs! A self-described occasional bug bounty hunter, she loves the thrill of hunting down real vulnerabilities in software, but her passion is education. Through her YouTube channel, she creates weekly videos on how to get into bug bounty hunting, web application security and tooling, and goes in-depth on a range of bugs and targets. Since starting as a mentee in 2019 at a HackerOne live event she has found 30+ bugs in real software, handed in her Ph.D. thesis, created 50+ videos on her YouTube channel and grown an audience of over 20,000 subscribers. A former developer and data scientist, she finds her success is directly related to being able to see through a website into the code/infrastructure, and she loves any opportunity to turn developers into hackers.

▬▬▬▬▬▬ Useful Links from Katie Paxton-Fear 🛠 ▬▬▬▬▬▬
https://github.com/InsiderPhD/Generic...
https://hub.docker.com/r/busk3r/gener...

▬▬▬▬▬▬ Other Links 🛠 ▬▬▬▬▬▬
CyberChef: https://gchq.github.io/CyberChef/

▬▬▬▬▬▬ Hosts 🎙️ ▬▬▬▬▬▬
Nancy Gariché ► / nancygariche
Nikki Becher ► / thedeadrobots
Stefania Chaplin ► / devstefops

▬▬▬▬▬▬ Connect with Us 👋 ▬▬▬▬▬▬
YOUTUBE ► / owaspdevslop
DEV ► https://dev.to/devslop
TWITTER ► / owasp_devslop
LINKEDIN ► / owasp-devslop