Unveiling Oauth for Bug Bounty Hunting

Focused View

Anurag Verma

1:48:43

28 View

1. Introduction

1. Author Introduction.mp4

00:43

2. Introduction.mp4

01:22

3. Introduction to Oauth.mp4

06:41

2. About Oauth

1. History of oauth.mp4

03:58

2. About oauth 2.0.mp4

07:12

3. How oauth works.mp4

13:30

4. Oauth applications.mp4

01:25

3. Oauth Misconfigurations

1. Flawed validation by the client application.mp4

11:16

2. Forced profile linking client side misconfiguration.mp4

17:59

3. Code stealing via redirect uri misconfiguration on oauth provider.mp4

13:08

4. One click Account Takeover analysis of bug bounty target

1. Account takeover via bypassing restriction CORS and chaining HTML injection.mp4

19:26

2. Account takeover proof of concepts of previous lecture part 1.mp4

02:41

3. Account takeover proof of concept of previous lecture part 2.mp4

03:22

5. Business logic misconfigurations and links to reportsarticles

1. business logic misconfiguraitions.mp4

06:00

Description

learn about oauth ,its misconfigurations and understand oauth attack in real world scenerios

What You'll Learn?

What is oauth?
Types of oauth?
Oauth Misconfigurations with proper explanations
Learning different attacks possible in oauth
Learn chaining oauth with other vulnerabilities like CSRF,HTML injection
Business logic misconfigurations with oauth
Special case of bypassing CORS policy and finally making it to account takeover

Who is this for?

Ethical Hackers

Bug Bounty Hunters

Security Engineers

Red Teamers

Developers

IT analysts

Security Enthusiasts

What You Need to Know?

Good to know basics of burpsuite,postman,some basics of development like HTML,JS

If you haven't explored any of those mentioned above then no issue you can first learn basics of them then you are ready for the demonstrations

More details

Description
OAuth is one the most important topics nowadays if you study web applications penetration testing or API security testing or android security testing then OAuth is one of the most common topics, it is popularly used in almost every application, and vulnerabilities like account takeover are found in oauth misconfigurations,
if you don't know how to go for oauth testing then this course is for you, you will be able to learn different types of attacks possible with oauth with respective misconfiguration and will learn how chaining can be done in oauth with other vulnerabilities, I have demonstrated the oauth misconfiguration using portswigger labs and also discussed the live finding from a bug bounty programme, you can also find similar issues on your programme as well
This is a short course, in this course, you will be going to learn =>

What is Oauth?
Types of Oauth?
How does Oauth work?
What are oauth misconfigurations?
Demonstrations of account takeovers on lab and live cases
Analysing oauth flow from developers docs using Postman
Analysing how to bypass some of the restrictions and chaining oauth with other vulnerabilities
Understanding more business logic misconfiguration collected from various reports and articles.

Use the tutorials for education purposes only don't misuse them in the real world
Note: More videos will be added in future

Thanks
Who this course is for:
Ethical Hackers
Bug Bounty Hunters
Security Engineers
Red Teamers
Developers
IT analysts
Security Enthusiasts

User Reviews

Rating

average 0

Total votes0

Focused display

Bug Bounty

Anurag Verma

Instructor's Courses

Security Researcher and Undergraduate at NITH (National Institute of Technology Hamirpur) pursuing an Integrated Dual Degree(BTECH and MTECH) in Computer Science.Acknowledged by a lot of big organisations like Google, Ola, MobiKwik, Lenovo,lge, Mathworks, United Nations, Comcast and more...Contributed to the infosec community via teaching, conducting workshops and talks and with bug bounty itself.

Udemy

View courses Udemy

Students take courses primarily to improve job-related skills.Some courses generate credit toward technical certification. Udemy has made a special effort to attract corporate trainers seeking to create coursework for employees of their company.