Unveiling Oauth for Bug Bounty Hunting

learn about oauth ,its misconfigurations and understand oauth attack in real world scenerios

Ratings: 4.30 / 5.00




Description

OAuth is one the most important topics nowadays if you study web applications penetration testing or API security testing or android security testing then OAuth is one of the most common topics, it is popularly used in almost every application, and vulnerabilities like account takeover are found in oauth misconfigurations,

if you don't know how to go for oauth testing then this course is for you, you will be able to learn different types of attacks possible with oauth with respective misconfiguration and will learn how chaining can be done in oauth with other vulnerabilities, I have demonstrated the oauth misconfiguration using portswigger labs and also discussed the live finding from a bug bounty programme, you can also find similar issues on your programme as well

This is a short course, in this course, you will be going to learn =>


  • What is Oauth?

  • Types of Oauth?

  • How does Oauth work?

  • What are oauth misconfigurations?

  • Demonstrations of account takeovers on lab and live cases

  • Analysing oauth flow from developers docs using Postman

  • Analysing how to bypass some of the restrictions and chaining oauth with other vulnerabilities

  • Understanding more business logic misconfiguration collected from various reports and articles.


Use the tutorials for education purposes only don't misuse them in the real world

Note: More videos will be added in future


Thanks

What You Will Learn!

  • What is oauth?
  • Types of oauth?
  • Oauth Misconfigurations with proper explanations
  • Learning different attacks possible in oauth
  • Learn chaining oauth with other vulnerabilities like CSRF,HTML injection
  • Business logic misconfigurations with oauth
  • Special case of bypassing CORS policy and finally making it to account takeover

Who Should Attend!

  • Ethical Hackers
  • Bug Bounty Hunters
  • Security Engineers
  • Red Teamers
  • Developers
  • IT analysts
  • Security Enthusiasts