YoVDO

Hidden in Plain Site - Disclosing Information via Your APIs - Peter Yaworski, Bugcrowd's LevelUp 2017

Offered By: Bugcrowd via YouTube

Tags

Bug Bounty Courses Web Development Courses Cybersecurity Courses Javascript Courses HTML Courses APIs Courses JSON Courses API Security Courses

Course Description

Overview

Explore information disclosure vulnerabilities in APIs and HTML page sources often overlooked by researchers in mature programs. Learn about the design pattern in Rails that makes these vulnerabilities easy to introduce, especially when combined with front-end JavaScript libraries like React or Angular. Discover how to identify and exploit these vulnerabilities through real-world examples, including customer ID exposure and private address leaks. Gain insights into why these issues occur and how to prevent them in your own applications. Perfect for security researchers, developers, and anyone interested in improving API security.

Syllabus

Introduction
About Peter Yaworski
Agenda
What is API
Why we care
Why this happens
Rails example
Removing information from view
The JSON file
The handy method merge
Adding a sensitive parameter
Personal anecdote
How do we find it
Examples
Customer ID
Vulnerability
Private Address
Wrapup


Taught by

Bugcrowd

Related Courses

Web Development
Udacity
Do-It-Yourself Geo Apps
Esri via Independent
Software Construction: Object-Oriented Design
The University of British Columbia via edX
Full-Text Search with SAP HANA Platform
SAP Learning
Tools for Data Science
IBM via Coursera