Rage Against the IDOR's - Using Machine Learning Models to Detect and Stop Authorization Bypass Vulnerabilities
Offered By: nullcon via YouTube
Course Description
Overview
Explore machine learning techniques for detecting and preventing authorization bypass vulnerabilities in web applications. Learn how to leverage open-source ML tools to identify successful attack attempts and block them before user data is compromised. Discover the challenges of typical detection approaches and understand how to predict authorization results using request signals and random forest models. Examine the limitations of backend signals and the potential of using server response data. Gain insights into creating bags of hashes, learning access patterns, and building and training models for effective attack detection and blocking. Understand the broader implications and considerations when implementing these security measures in real-world scenarios.
Syllabus
Intro
Overview
Other types of Authorization Bypass
A condition might allow ignoring a check
A condition might allow skipping a check
Detection: Typical detection approaches
Stopping the Whack-A-Mole
Starting from first principles
Predicting authorization results
Single authorization logic - Challenges
Using request signals
Using a Random Forest to predict result
Limitation of using backend signals
Relying on the server response
Caveats of using response data
Using the data
Creating bags of hashes
Learning patterns of access
Building the models
Training the models
Detecting & Blocking attacks
General notes
Questions?
Taught by
nullcon
Related Courses
Windows Server 2016 Security Features (Microsoft via edX)
Detecting and Mitigating Cyber Threats and Attacks (University of Colorado System via Coursera)
Threat Detection: Planning for a Secure Enterprise (Microsoft via edX)
Microsoft Professional Capstone: Cybersecurity (Microsoft via edX)
Cyber Security Operations (Cisco CCNA) (The Open University via FutureLearn)