Hidden in Plain Site - Disclosing Information via Your APIs - Peter Yaworski, Bugcrowd's LevelUp 2017
Offered By: Bugcrowd via YouTube
Course Description
Overview
Explore information disclosure vulnerabilities in APIs and HTML page sources often overlooked by researchers in mature programs. Learn about the design pattern in Rails that makes these vulnerabilities easy to introduce, especially when combined with front-end JavaScript libraries like React or Angular. Discover how to identify and exploit these vulnerabilities through real-world examples, including customer ID exposure and private address leaks. Gain insights into why these issues occur and how to prevent them in your own applications. Perfect for security researchers, developers, and anyone interested in improving API security.
Syllabus
Introduction
About Peter Yaworski
Agenda
What is API
Why we care
Why this happens
Rails example
Removing information from view
The JSON file
The handy method merge
Adding a sensitive parameter
Personal anecdote
How do we find it
Examples
Customer ID
Vulnerability
Private Address
Wrapup
Taught by
Bugcrowd
Related Courses
MongoDB for DBAsMongoDB University MongoDB for Node.js Developers
MongoDB University Web Engineering II: Developing Mobile HTML5 Apps
Technische Hochschule Mittelhessen via iversity Programming Mobile Services for Android Handheld Systems: Communication
Vanderbilt University via Coursera HTML, CSS, and Javascript for Web Developers
Johns Hopkins University via Coursera