This is the great tutorial series of OWASP for beginners.
glad you enjoyed it!
You are advanced.
Very Nicely Explained, in easy language & easy to understand
glad you enjoyed it!
I want more videos like these.❤❤❤ great content, sir
Waiting for A6. Hoping with more offensive examples rather than defensive (security measures).
Awesome explanation. Just one question: how are you able to write in mirror image form?
you can see how we do it here: ruclips.net/video/U7E_L4wCPTc/видео.html
For Broken Access Control - you mentioned only the URL manipulation, but even the session can be replaced and manipulated to break the access control. This is just my guess.
He's great at writing backwards
this is how we produce the Lightboard Lessons: ruclips.net/video/U7E_L4wCPTc/видео.html
You mention that a WAF can help on this. Can you give some examples of how it can assist? Does it assist in a similar way as DAST or SAST?
Here are a couple of videos on how WAFs can assist:
ruclips.net/video/p8CQcF_9280/видео.html
ruclips.net/video/HBbDKBV4QW0/видео.html
Also, here's one on how DAST/SAST technology can work together with a WAF to secure web applications: ruclips.net/video/dOytmYk9Lhw/видео.html
Hope this helps!
Thanks.
Can we have an IDOR and missing functional level access control explanation?
You are awesome!!
Is there any difference between access control and authorisation?
Like he said, authorisation is verifying user whereas access control is taking access of unwanted data.
@roxor0758 isn't quite right. In this video, he's using access control to mean authorization. Verifying a user is who they claim to be is _authentication_. Verifying an authenticated user has access to a particular resource or service is authorization (or access control).
F5 WAF can solve this issue, just make sure of the tuning of the WAF.
Isn't webapp.com/admin-info a sensitive data exposure example?
Could you help me? Actually, your voice can't absorb, can't understand because you spoke fluently.