Anna Bacher
How to Cause (or Prevent) a Massive Data Breach- Secure Coding and IDOR
#1about 5 minutes
Understanding the IDOR vulnerability and its impact
IDOR (Insecure Direct Object Reference) is an OWASP Top 10 vulnerability that can lead to data leaks, account takeovers, and system crashes.
#2about 3 minutes
How a simple IDOR flaw caused a massive data breach
The First American Financial Corporation breach leaked 885 million documents because attackers could simply change a number in a URL to access unauthorized files.
#3about 15 minutes
A practical demonstration of exploiting IDOR vulnerabilities
Using Burp Suite and OWASP Juice Shop, an attacker can intercept requests to change basket IDs or modify other users' product reviews.
#4about 3 minutes
Examining IDOR vulnerabilities in major companies
Real-world examples from HackerOne show how IDOR vulnerabilities in companies like PayPal and Starbucks can lead to account takeovers and payment data exposure.
#5about 10 minutes
Why IDOR is difficult to prevent and tools that can help
Preventing IDOR is challenging because it requires manual access control checks, but tools like Code Property Graphs (CPG) and GitHub's CodeQL can help automate detection.
#6about 5 minutes
Using neural networks for advanced IDOR detection
By combining Code Property Graphs with neural networks, it's possible to detect IDOR vulnerabilities with higher accuracy and even generate automated code fixes.
Related jobs
Jobs that call for the skills explored in this talk.
Matching moments
04:13 MIN
Focusing on key OWASP Top 10 risks for developers
Delay the AI Overlords: How OAuth and OpenFGA Can Keep Your AI Agents from Going Rogue
07:33 MIN
Common web application threats like injection and DoS
Security in modern Web Applications - OWASP to the rescue!
00:28 MIN
Why developers make basic cybersecurity mistakes
Don't Be A Naive Developer: How To Avoid Basic Cybersecurity Mistakes
00:03 MIN
Why developers are a prime target for attackers
You click, you lose: a practical look at VSCode's security
14:17 MIN
Hands-on security training for developers
How GitHub secures open source
05:12 MIN
Identifying top security risks with the OWASP Top 10
Plants vs. Thieves: Automated Tests in the World of Web Security
18:51 MIN
Five common cybersecurity mistakes developers make
Don't Be A Naive Developer: How To Avoid Basic Cybersecurity Mistakes
1:15:27 MIN
Understanding common web and API vulnerability classes
Software Security 101: Secure Coding Basics
Featured Partners
Related Videos
58:19Typed Security: Preventing Vulnerabilities By Design
Michael Koppmann
33:29Programming secure C#/.NET Applications: Dos & Don'ts
Sebastian Leuer
37:36Walking into the era of Supply Chain Risks
Vandana Verma
28:41101 Typical Security Pitfalls
Alexander Pirker
27:32Security Pitfalls for Software Engineers
Jasmin Azemović
1:58:59Stranger Danger: Your Java Attack Surface Just Got Bigger
Vandana Verma Sehgal
35:37Can Machines Dream of Secure Code? Emerging AI Security Risks in LLM-driven Developer Tools
Liran Tal
24:01What The Hack is Web App Sec?
Jackie
From learning to earning
Jobs that call for the skills explored in this talk.
Embedded Security Engineer - Schwachstellenanalyse | Car IT | Secure Coding
Prognum Automotive GmbH
Remote
C++