
Stephen Rees-Carter "Th1nk Lik3 a H4cker" - Laracon US 2023 Nashville

  • Published: 30 Jul 2023
  • In this thrilling and interactive session, "Th1nk Lik3 a H4cker," Stephen Rees-Carter delivers an eye-opening on-stage hacking presentation. As an expert in cybersecurity and Laravel, Rees-Carter captivates the audience at Marathon Music Works with a live demonstration, challenging them to try and hack a Laravel application in real-time.
    With a combination of engaging storytelling and hands-on activities, attendees gain invaluable insights into common hacking techniques and vulnerabilities that applications may face.
    Through this unique experience, developers witness firsthand the importance of robust security practices and are empowered to strengthen their own Laravel projects against potential threats.
    Join Stephen Rees-Carter in this exciting and educational session, as he unravels the world of hacking and equips developers with the knowledge to think like a hacker for enhanced application security.
    Recorded Live at Marathon Music Works on July 19th, 2023.

Comments • 15

  • @-www.chapters.video-, 1 year ago, +2

    00:00 Introduction to Laracon EU and Brisbane people
    01:16 Explaining rate limiters and bypassing them
    04:54 Breaking into the first challenge
    06:05 Exploiting a vulnerability in the verify user account feature
    09:07 Insecure direct object reference and accessing unauthorized resources
    10:11 Escalating account to administrator using JavaScript injection
    13:48 Bypassing web server to access environment file
    20:39 Be cautious with insecure tools like markdown.
    21:09 Stay updated with Laravel security through mailing list.

  • @_whatistruth, 1 year ago, +2

    That was great! Learned a lot of new things

  • @1234matthewjohnson, 1 year ago, +1

    Great talk

  • @0zankurt, 1 year ago, +2

    Can we have access to that command line tool?

  • @namumakwembo, 1 year ago, +3

    Hahaha, this guy got the whole room quiet, lol. Awesome though, he is really, really good

  • @HORKimhab, 1 year ago

    Could you please tell me how to use dropbear laravel?

  • @SodalisUK, 1 year ago, +1

    Laravel needs to have some tests that you can call which check for these security things, and improved middleware to stop these things from working!!

    • @Ruggie1of1, 1 year ago, +2

      Laravel doesn't do these things by default, the vulnerabilities displayed were intentionally coded to demonstrate mistakes developers make without noticing. If you take away anything from this talk, it should be: 1. Always use policies (these are testable) 2. Sanitize user input, even from the route URL (maybe also 3. Don't load files based on strings provided by a user)
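As an added example (not code from the talk, its demo application, or any commenter), here is what "always use policies" and "don't load files based on strings provided by a user" look like in a Laravel app, together with the feature test that makes the authorization rule verifiable. The `Document` model and factory, its `user_id` and `path` columns, the `is_admin` flag on `User`, the `documents.show` route name and the `private` disk are all assumptions; the three files are shown back to back.

```php
<?php
// Added example, not code from the talk or its demo application.
// Assumptions (hypothetical names): a `documents` table with `user_id` and `path`
// columns, a `Document` Eloquent model with a factory and a `user()` relation,
// a `User` model with an `is_admin` flag, a route named `documents.show`, and a
// filesystem disk named `private`.

// --- app/Policies/DocumentPolicy.php ---------------------------------------
namespace App\Policies;

use App\Models\Document;
use App\Models\User;

class DocumentPolicy
{
    // The ownership rule lives in one place: the owner or an admin may view.
    // Laravel auto-discovers App\Policies\DocumentPolicy for App\Models\Document.
    public function view(User $user, Document $document): bool
    {
        return $user->is_admin || $user->id === $document->user_id;
    }
}

// --- app/Http/Controllers/DocumentController.php ---------------------------
namespace App\Http\Controllers;

use App\Models\Document;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\Facades\Storage;

class DocumentController extends Controller
{
    // IDOR shape to avoid: the id from the URL is trusted as-is, so any
    // logged-in user can read any document by changing the number:
    //   public function show(int $id) { return view('documents.show', ['document' => Document::findOrFail($id)]); }

    // Route model binding resolves {document} (404 if it does not exist); the
    // policy check throws AuthorizationException (403) unless view() returns true.
    public function show(Document $document)
    {
        Gate::authorize('view', $document);

        return view('documents.show', ['document' => $document]);
    }

    // File-loading rule: the path comes from the authorized database row, never
    // from request input, so traversal strings in the query have nothing to reach.
    public function download(Document $document)
    {
        Gate::authorize('view', $document);

        return Storage::disk('private')->download($document->path);
    }
}

// --- tests/Feature/DocumentAccessTest.php ----------------------------------
namespace Tests\Feature;

use App\Models\Document;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class DocumentAccessTest extends TestCase
{
    use RefreshDatabase;

    // Pins the policy: another user's document answers 403, the owner's answers 200.
    public function test_documents_are_only_visible_to_their_owner(): void
    {
        $owner = User::factory()->create();
        $other = User::factory()->create();
        $document = Document::factory()->for($owner)->create();

        $this->actingAs($other)->get(route('documents.show', $document))->assertForbidden();
        $this->actingAs($owner)->get(route('documents.show', $document))->assertOk();
    }
}
```

Using `Gate::authorize()` rather than the controller's `$this->authorize()` helper keeps the example working across Laravel versions whose base `Controller` class does not include the `AuthorizesRequests` trait; run the test with `php artisan test`.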

    • @SodalisUK, 1 year ago, +1

      @Ruggie1of1 Yes, but these things are also testable and standard tests would ensure that the user hasn't made these mistakes.

  • @martinbean, 1 year ago, +4

    I see the correct password has been edited 😂

    • @alexhackney4045, 1 year ago

      How can you tell? lol

    • @martinbean, 1 year ago

      @alexhackney4045 I was there, and that’s _not_ the “correct” password that was chosen at the time.

  • @CharlesHassekf, 10 months ago

    I think the speaker should train his breathing and take it slow. This seems like an "end of the game" interview with so much panting.

  • @mayanksgajjar, 1 year ago

    LOL I can hack the Laravel sites now