Unveiling Oauth for Bug Bounty Hunting
learn about oauth ,its misconfigurations and understand oauth attack in real world scenerios
Description
OAuth is one the most important topics nowadays if you study web applications penetration testing or API security testing or android security testing then OAuth is one of the most common topics, it is popularly used in almost every application, and vulnerabilities like account takeover are found in oauth misconfigurations,
if you don't know how to go for oauth testing then this course is for you, you will be able to learn different types of attacks possible with oauth with respective misconfiguration and will learn how chaining can be done in oauth with other vulnerabilities, I have demonstrated the oauth misconfiguration using portswigger labs and also discussed the live finding from a bug bounty programme, you can also find similar issues on your programme as well
This is a short course, in this course, you will be going to learn =>
What is Oauth?
Types of Oauth?
How does Oauth work?
What are oauth misconfigurations?
Demonstrations of account takeovers on lab and live cases
Analysing oauth flow from developers docs using Postman
Analysing how to bypass some of the restrictions and chaining oauth with other vulnerabilities
Understanding more business logic misconfiguration collected from various reports and articles.
Use the tutorials for education purposes only don't misuse them in the real world
Note: More videos will be added in future
Thanks
What You Will Learn!
- What is oauth?
- Types of oauth?
- Oauth Misconfigurations with proper explanations
- Learning different attacks possible in oauth
- Learn chaining oauth with other vulnerabilities like CSRF,HTML injection
- Business logic misconfigurations with oauth
- Special case of bypassing CORS policy and finally making it to account takeover
Who Should Attend!
- Ethical Hackers
- Bug Bounty Hunters
- Security Engineers
- Red Teamers
- Developers
- IT analysts
- Security Enthusiasts