YoVDO

Hidden in Plain Site - Disclosing Information via Your APIs - Peter Yaworski, Bugcrowd's LevelUp 2017

Offered By: Bugcrowd via YouTube

Tags

Bug Bounty Courses Web Development Courses Cybersecurity Courses Javascript Courses HTML Courses APIs Courses JSON Courses API Security Courses

Course Description

Overview

Explore information disclosure vulnerabilities in APIs and HTML page sources often overlooked by researchers in mature programs. Learn about the design pattern in Rails that makes these vulnerabilities easy to introduce, especially when combined with front-end JavaScript libraries like React or Angular. Discover how to identify and exploit these vulnerabilities through real-world examples, including customer ID exposure and private address leaks. Gain insights into why these issues occur and how to prevent them in your own applications. Perfect for security researchers, developers, and anyone interested in improving API security.

Syllabus

Introduction
About Peter Yaworski
Agenda
What is API
Why we care
Why this happens
Rails example
Removing information from view
The JSON file
The handy method merge
Adding a sensitive parameter
Personal anecdote
How do we find it
Examples
Customer ID
Vulnerability
Private Address
Wrapup


Taught by

Bugcrowd

Related Courses

MongoDB for DBAs
MongoDB University
MongoDB for Node.js Developers
MongoDB University
Web Engineering II: Developing Mobile HTML5 Apps
Technische Hochschule Mittelhessen via iversity
Programming Mobile Services for Android Handheld Systems: Communication
Vanderbilt University via Coursera
HTML, CSS, and Javascript for Web Developers
Johns Hopkins University via Coursera