YoVDO

Hidden in Plain Site - Disclosing Information via Your APIs - Peter Yaworski, Bugcrowd's LevelUp 2017

Offered By: Bugcrowd via YouTube

Tags

Bug Bounty Courses Web Development Courses Cybersecurity Courses Javascript Courses HTML Courses APIs Courses JSON Courses API Security Courses

Course Description

Overview

Explore information disclosure vulnerabilities in APIs and HTML page sources often overlooked by researchers in mature programs. Learn about the design pattern in Rails that makes these vulnerabilities easy to introduce, especially when combined with front-end JavaScript libraries like React or Angular. Discover how to identify and exploit these vulnerabilities through real-world examples, including customer ID exposure and private address leaks. Gain insights into why these issues occur and how to prevent them in your own applications. Perfect for security researchers, developers, and anyone interested in improving API security.

Syllabus

Introduction
About Peter Yaworski
Agenda
What is API
Why we care
Why this happens
Rails example
Removing information from view
The JSON file
The handy method merge
Adding a sensitive parameter
Personal anecdote
How do we find it
Examples
Customer ID
Vulnerability
Private Address
Wrapup


Taught by

Bugcrowd

Related Courses

Computer Security
Stanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network