Anna Bacher
How to Cause (or Prevent) a Massive Data Breach- Secure Coding and IDOR
#1about 5 minutes
Understanding the IDOR vulnerability and its impact
IDOR (Insecure Direct Object Reference) is an OWASP Top 10 vulnerability that can lead to data leaks, account takeovers, and system crashes.
#2about 3 minutes
How a simple IDOR flaw caused a massive data breach
The First American Financial Corporation breach leaked 885 million documents because attackers could simply change a number in a URL to access unauthorized files.
#3about 15 minutes
A practical demonstration of exploiting IDOR vulnerabilities
Using Burp Suite and OWASP Juice Shop, an attacker can intercept requests to change basket IDs or modify other users' product reviews.
#4about 3 minutes
Examining IDOR vulnerabilities in major companies
Real-world examples from HackerOne show how IDOR vulnerabilities in companies like PayPal and Starbucks can lead to account takeovers and payment data exposure.
#5about 10 minutes
Why IDOR is difficult to prevent and tools that can help
Preventing IDOR is challenging because it requires manual access control checks, but tools like Code Property Graphs (CPG) and GitHub's CodeQL can help automate detection.
#6about 5 minutes
Using neural networks for advanced IDOR detection
By combining Code Property Graphs with neural networks, it's possible to detect IDOR vulnerabilities with higher accuracy and even generate automated code fixes.
Related jobs
Jobs that call for the skills explored in this talk.
Matching moments
04:13 MIN
Focusing on key OWASP Top 10 risks for developers
Delay the AI Overlords: How OAuth and OpenFGA Can Keep Your AI Agents from Going Rogue
07:33 MIN
Common web application threats like injection and DoS
Security in modern Web Applications - OWASP to the rescue!
00:28 MIN
Why developers make basic cybersecurity mistakes
Don't Be A Naive Developer: How To Avoid Basic Cybersecurity Mistakes
00:03 MIN
Why developers are a prime target for attackers
You click, you lose: a practical look at VSCode's security
14:17 MIN
Hands-on security training for developers
How GitHub secures open source
05:12 MIN
Identifying top security risks with the OWASP Top 10
Plants vs. Thieves: Automated Tests in the World of Web Security
18:51 MIN
Five common cybersecurity mistakes developers make
Don't Be A Naive Developer: How To Avoid Basic Cybersecurity Mistakes
1:15:27 MIN
Understanding common web and API vulnerability classes
Software Security 101: Secure Coding Basics
Featured Partners
Related Videos
2:08:06The attacker's footprint
Antonio de Mello & Amine Abed
43:56Getting under the skin: The Social Engineering techniques
Mauro Verderosa
58:19Typed Security: Preventing Vulnerabilities By Design
Michael Koppmann
37:32Cyber Security: Small, and Large!
Martin Schmiedecker
44:30Securing Your Web Application Pipeline From Intruders
Milecia McGregor
26:28Security Blindspots and How to Learn About Them - Anna Oliveira
29:34You can’t hack what you can’t see
Reto Kaeser
37:36Walking into the era of Supply Chain Risks
Vandana Verma
From learning to earning
Jobs that call for the skills explored in this talk.
Android App Malware Reverse Engineer (Remote)
IOActive Inc.
Municipality of Madrid, Spain
Remote
Intermediate
Android
{"@context":"https://schema.org/","@type":"JobPosting","title":"Application Security Engineer
Ninedots
Python
CircleCI
Amazon Web Services (AWS)
{"@context":"https://schema.org/","@type":"JobPosting","title":"Penetration Tester
Infosec
Charing Cross, United Kingdom
Remote
Identity and Access Management (IAM) Analyst
Darktrace Ltd
Cambridge, United Kingdom
€42K
Microsoft Access