This course on Broken Access Control Testing aims to teach learners the fundamentals of hacking and bug bounty hunting. By the end of the course, students will be able to identify and exploit access control vulnerabilities in web applications. The course covers topics such as different types of Insecure Direct Object References (IDOR), Request methods, Local File Inclusion, Path Traversal, Static pages, Parameter Manipulation, Logic Flaws, and more. The teaching method includes modules, readings, and practical examples. This course is intended for individuals interested in cybersecurity, ethical hacking, bug bounty hunting, and web application security testing.
Bugcrowd University - Broken Access Control Testing
Overview
Syllabus
Intro
Module Trainer
Module Outline
Module Reading
Introduction to Access Control bugs
Simple numeric IDOR
Bugcrowd VRT Rating
GUID based IDOR (cont.)
Hash based IDOR
Request methods
Local File Inclusion and Path Traversal
Static pages & "forceful browsing"
Static files
Direct function calling
Parameter Manipulation
Logic Flaws
Auxiliary Tips
Likely parameters/keyword to check for IDOR
COTS, OSS, and paywalled applications
Create a function matrix for MFLAC
Burp Intruder
References
Taught by
Bugcrowd
Related Courses
-
Learn Bug Bounty Hunting & Web Security Testing From Scratch
-
Penetration Testing and Ethical Hacking Complete Hands-on
-
Owning Cody's First Blog - RCE on Hacker101 and Hacking on FFH from BugBountyNotes.com - IDOR
-
Bug Bounty In Hindi
-
Hacking Web Applications & Penetration Testing: Web Hacking
-
Bug Hunting Course
