Sunday, May 2, 10:00am - 11:00am (EDT)
JOIN OUR MEETUP GROUP: https://www.meetup.com/OWASP-DevSlop-Project/events/277581348/
Anyone who's watched Katie before knows that IDORs (Insecure Direct Object References) are some of her favourite bugs. Often caused by a single missing if statement, these lil bugs can have devastating impacts, and even worse, they are everywhere!
In this talk, she'll go through the what, where, how, and fixes of these tricky bugs, giving you the ultimate IDOR / BOLA (Broken Object Level Authorisation) / BFLA (Broken Function Level Authorisation) methodology: how this can be automated and how it can't be automated, the fixes for some of these vulnerabilities, why even with all of this they're still some of the most common bugs to find, and why they're worth looking for.
OUR GUEST: Katie Paxton-Fear
Katie is an Application Security Engineer at Bugcrowd, a Lecturer at Manchester Metropolitan University and a Ph.D. student, but she's far more well known for her hobbies. On evenings and weekends, she hunts bugs!
A self-described occasional bug bounty hunter, she loves the thrill of hunting down real vulnerabilities in software, but her passion is education. Through her YouTube channel, she creates weekly videos on how to get into bug bounty hunting, web application security and tooling, and goes in-depth on a range of bugs and targets.
Since starting as a mentee in 2019 at a HackerOne live event, she's found 30+ bugs in real software, handed in her Ph.D. thesis, created 50+ videos on her YouTube channel and grown an audience of over 20,000 subscribers.
A former developer and data scientist, she finds her success is directly related to being able to see through a website into the code/infrastructure, and she loves any opportunity to turn developers into hackers.
https://youtu.be/lNcbSILRugM
OWASP DevSlop Team, owasp.devslop@gmail.com