I am back with another part of the OAuth 2.0 Hacking Simplified series. We have already gone through the basics in the previous post, and I highly recommend reading Part 1 first. In this post we will dive into how to exploit and mitigate common OAuth vulnerabilities.
OAuth vulnerabilities arise because the OAuth 2.0 specification is relatively vague and flexible by design: large parts of it are optional, and the framework itself ships with few built-in protections. Most of the security-relevant configuration and checks (validating redirect URIs, binding the authorization response to the browser session, restricting scopes) are left to the developers implementing it.
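As an added example of the kind of check the specification leaves to the implementer (this is not code from the series), here are two of them side by side: the authorization server's redirect_uri comparison, in a strict and a loose form, and the client's issuance and verification of the state parameter. The client registration, hostnames and the session dictionary are constructed for the example.

```python
"""Two OAuth 2.0 checks that RFC 6749 leaves to the implementer: an exact
redirect_uri match on the authorization server and a session-bound, single-use
`state` on the client. Client registration, hostnames and the session dict are
constructed for this example."""
import hmac
import secrets
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed client registration: the authorization server's record of the
# exact redirect URIs a client is allowed to use.
REGISTERED_REDIRECTS = {
    "client-abc": {"https://app.example/callback"},
}


def redirect_uri_allowed(client_id: str, redirect_uri: str) -> bool:
    """Authorization server side, the right way: simple string comparison
    against the registered value, as RFC 6749 section 3.1.2.3 requires when a
    full redirect URI was registered."""
    return redirect_uri in REGISTERED_REDIRECTS.get(client_id, set())


def redirect_uri_allowed_loose(client_id: str, redirect_uri: str) -> bool:
    """The weak check often found in the wild: a prefix match. It also accepts
    any path or query string appended to the registered URI, so the
    authorization code can be delivered to an open redirect or any other
    attacker-influenced page reachable under that prefix."""
    return any(redirect_uri.startswith(r)
               for r in REGISTERED_REDIRECTS.get(client_id, ()))


def build_authorization_request(session: dict, client_id: str,
                                redirect_uri: str) -> str:
    """Client side: mint an unguessable state, remember it in the user's
    session and put it on the authorization request."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid profile",
        "state": state,
    }
    return "https://as.example/authorize?" + urlencode(params)


def handle_callback(session: dict, callback_url: str) -> Optional[str]:
    """Client side: accept the authorization code only if the state echoed
    back matches the one this session issued. The stored state is consumed on
    first use, so a replayed or forged callback (the OAuth CSRF case) is
    rejected. Returns the code, or None when the response is refused."""
    query = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)        # single use
    received = query.get("state", [None])[0]
    if not expected or not received:
        return None
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return None
    return query.get("code", [None])[0]
```

The loose variant accepts anything that merely begins with the registered URI, which is how an authorization code ends up sent to an open redirect under the legitimate host; the exact match rejects it. On the client side, popping the state from the session makes each value single use, so a replayed callback fails the same way a forged one does.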
OAuth is an open-standard authorization protocol, or framework, that describes how unrelated servers and services can safely allow authenticated access to their assets without the user sharing their original login credentials with the third party.
Auth0 issues access tokens for API authorization scenarios in JSON Web Token (JWT) format. The permissions represented by the access token are known in OAuth terms as scopes. When an application authenticates with Auth0, it specifies the scopes it wants; if the user authorizes those scopes, the access token will represent the authorized scopes.
It works by delegating user authentication to the service that hosts…
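The scope check a resource server performs on such a token, as an added example rather than Auth0's own or the author's code. It verifies the signature, audience and expiry before reading the scope claim, which Auth0 issues as a single space-separated string. HS256 with a constructed shared key keeps it runnable offline with only the Python standard library; Auth0 APIs normally use RS256, where the same checks run against the tenant's public key. The tenant, audience and scope names are made up.

```python
"""Resource-server handling of a JWT access token: verify the signature, check
audience and expiry, then enforce the `scope` claim (a space-separated string
of granted scopes). HS256 with a constructed shared key is used so the example
runs offline with the standard library only; with RS256 the same checks run
against the issuer's public key."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, key: bytes) -> str:
    """Stand-in for the authorization server: sign the claims with HS256."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (_b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def tamper_scope(token: str, new_scope: str) -> str:
    """What an attacker tries: rewrite the payload's scope but keep the old
    signature. verify_token must reject the result."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    claims = json.loads(_b64url_decode(payload_b64))
    claims["scope"] = new_scope
    forged = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    return header_b64 + "." + forged + "." + sig_b64


def verify_token(token: str, key: bytes, audience: str,
                 now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the token is genuine, unexpired and meant for this
    API; otherwise None. The algorithm is fixed by the verifier, never taken
    from the token header, which is what defeats alg=none and key-confusion."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected_sig = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"),
                                hashlib.sha256).digest()
        if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(payload_b64))
        if not isinstance(claims, dict):
            return None
    except (ValueError, TypeError, AttributeError):
        return None
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if audience not in audiences:
        return None
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return None
    return claims


def has_scope(claims: dict, required: str) -> bool:
    """Scopes arrive as one space-separated string; compare whole tokens so
    `read:orders` does not satisfy a check for `read:order`."""
    granted = set(str(claims.get("scope", "")).split())
    return required in granted


def authorize_request(token: str, key: bytes, audience: str, required_scope: str,
                      now: Optional[float] = None) -> int:
    """HTTP status an endpoint would return: 401 for an invalid token, 403 for
    a valid token that was not granted the needed scope, 200 otherwise."""
    claims = verify_token(token, key, audience, now=now)
    if claims is None:
        return 401
    if not has_scope(claims, required_scope):
        return 403
    return 200
```

The order of the checks matters: the scope string is only trusted after the signature, audience and expiry have been verified, so a token minted for another API, an expired token, or one with a rewritten payload never reaches the authorization decision.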
I am back with another part of the Hacking GraphQL series. We have already gone through the basics in the previous post, and I highly recommend reading it first if you have not already. In this post we will go through a demo application called Generic University, created by the awesome InsiderPHD, to understand some basic bugs and craft a methodology for testing GraphQL.
Let's cut to the chase: all the bugs that can be found in REST APIs can also be found in GraphQL, including but not limited to the following:
In this first part of the GraphQL Hacking series, I will go through some GraphQL basics to understand the technology better; in the next part we will actually hack a demo application. There are tons of good resources available, and the official documentation in particular is top notch. This post is just an overview of the technology and of how to use the available resources for best results. So let's begin…
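To make the "same bugs as REST" point concrete, here is an added example (not from the series or from Generic University) of the first step of such a methodology: turning an introspection response into the list of operations an API exposes and flagging those that take an ID-typed argument, which are the natural candidates for the object-level authorization tests one would run against a REST endpoint with an identifier in its path. The introspection query is the standard one; the response it parses is a constructed sample for an imaginary API, not the schema of any real application.

```python
"""Enumerate a GraphQL API's attack surface from introspection. The query is
the standard __schema query; SAMPLE_RESULT is a constructed response for an
imaginary API, used so the example runs offline."""
from typing import Dict, Iterator, List, Tuple

INTROSPECTION_QUERY = """
query {
  __schema {
    queryType { name }
    mutationType { name }
    subscriptionType { name }
    types {
      name kind
      fields { name args { name type { ...T } } type { ...T } }
    }
  }
}
fragment T on __Type {
  kind name ofType { kind name ofType { kind name ofType { kind name } } }
}
"""


# Helpers to build __Type references the way a server returns them.
def _named(kind: str, name: str) -> dict:
    return {"kind": kind, "name": name, "ofType": None}


def _non_null(inner: dict) -> dict:
    return {"kind": "NON_NULL", "name": None, "ofType": inner}


def _list_of(inner: dict) -> dict:
    return {"kind": "LIST", "name": None, "ofType": inner}


# Constructed introspection response for an imaginary API.
SAMPLE_RESULT = {"data": {"__schema": {
    "queryType": {"name": "Query"},
    "mutationType": {"name": "Mutation"},
    "subscriptionType": None,
    "types": [
        {"name": "Query", "kind": "OBJECT", "fields": [
            {"name": "me", "args": [], "type": _named("OBJECT", "User")},
            {"name": "user", "args": [{"name": "id", "type": _non_null(_named("SCALAR", "ID"))}],
             "type": _named("OBJECT", "User")},
            {"name": "users", "args": [{"name": "limit", "type": _named("SCALAR", "Int")}],
             "type": _non_null(_list_of(_non_null(_named("OBJECT", "User"))))},
        ]},
        {"name": "Mutation", "kind": "OBJECT", "fields": [
            {"name": "updateEmail", "args": [
                {"name": "userId", "type": _non_null(_named("SCALAR", "ID"))},
                {"name": "email", "type": _non_null(_named("SCALAR", "String"))}],
             "type": _named("OBJECT", "User")},
        ]},
        {"name": "User", "kind": "OBJECT", "fields": [
            {"name": "id", "args": [], "type": _non_null(_named("SCALAR", "ID"))},
            {"name": "email", "args": [], "type": _named("SCALAR", "String")},
        ]},
        {"name": "ID", "kind": "SCALAR", "fields": None},
        {"name": "String", "kind": "SCALAR", "fields": None},
        {"name": "Int", "kind": "SCALAR", "fields": None},
    ],
}}}


def type_to_str(t: dict) -> str:
    """Render a __Type reference in SDL notation, e.g. [User!]!."""
    if t["kind"] == "NON_NULL":
        return type_to_str(t["ofType"]) + "!"
    if t["kind"] == "LIST":
        return "[" + type_to_str(t["ofType"]) + "]"
    return t["name"]


def base_type_name(t: dict) -> str:
    """Strip NON_NULL / LIST wrappers and return the named type."""
    while t.get("ofType"):
        t = t["ofType"]
    return t["name"]


def _root_fields(result: dict) -> Iterator[Tuple[str, dict]]:
    """Yield (operation kind, field) for every field on the root types."""
    schema = result["data"]["__schema"]
    types: Dict[str, dict] = {t["name"]: t for t in schema["types"]}
    for label in ("query", "mutation", "subscription"):
        root = schema.get(label + "Type")
        if not root:
            continue
        for field in types[root["name"]].get("fields") or []:
            yield label, field


def root_operations(result: dict) -> List[str]:
    """Every operation the API exposes, with argument and return types."""
    ops = []
    for label, field in _root_fields(result):
        args = ", ".join(f"{a['name']}: {type_to_str(a['type'])}" for a in field.get("args", []))
        ops.append(f"{label} {field['name']}({args}): {type_to_str(field['type'])}")
    return ops


def object_reference_args(result: dict, id_types=("ID",)) -> List[Tuple[str, str, str]]:
    """Root fields taking an ID-typed argument: the first ones to re-test with
    another user's identifier, exactly as one would for a REST /users/{id}."""
    return [(label, field["name"], a["name"])
            for label, field in _root_fields(result)
            for a in field.get("args", [])
            if base_type_name(a["type"]) in id_types]
```

Against a live target, POST INTROSPECTION_QUERY to the endpoint and feed the JSON body to root_operations and object_reference_args; if introspection is disabled, the same functions work on a schema recovered from documentation or client bundles.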
As a pen-tester by profession, I usually have to deal with different environments: sometimes compiling tools that have nasty dependencies and fail to build, generating a PoC for a specific environment, or creating CTFs. Docker always comes in handy in such situations. So here is a beginner's guide on how to get started with Docker and gain some familiarity with the commands.
Docker is an open-source tool used to easily deploy applications in sandboxed environments called containers. In a Docker container we can run different tools to do a specific job.
A container is a standard unit of software that packages…
Recon → interesting URL → Java code → downloaded to a Windows machine → Defender flagged it as a JSP webshell
This is an interesting finding I made on a public VDP program. While my friend Jaimin and I were doing recon on a public program, he found an interesting URL. He shared it with me, and as I was poking at it I found that Java code was disclosed.
I thought I had found a source code disclosure vulnerability and wanted to see whether I could find something interesting in it. So I tried to download it…
Broken access controls are a commonly encountered and often critical security vulnerability. Design and management of access controls is a complex and dynamic problem that applies business, organizational, and legal constraints to a technical implementation.
From a user perspective, access controls can be divided into the following categories:
For a better understanding of the same, please go through the following resource:
I found a similar issue in one of the private programs on the Bugcrowd platform, which we can categorise as a context-dependent access control issue. Based on my understanding of the application, I…
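As an added illustration of the context-dependent category mentioned above (example code, not the author's report or the program's application), here are two versions of an order-address endpoint. Both check that the caller owns the order; only the second also checks the step of the workflow the order has reached. Orders, users and the allowed-actions table are constructed.

```python
"""Horizontal versus context-dependent access control on a small order API.
Both handlers check that the caller owns the order; only the hardened one also
checks that the order is at a step of the workflow where the action is still
allowed. Orders, users and the workflow table are constructed for this example."""
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass
class Order:
    id: int
    owner: str
    status: str      # workflow: draft -> paid -> shipped
    address: str


def make_orders() -> Dict[int, Order]:
    """Constructed sample data: Alice has one editable order and one already shipped."""
    return {
        1: Order(1, "alice", "draft", "1 Old Street"),
        2: Order(2, "alice", "shipped", "2 Old Street"),
    }


# Which actions the business process permits at each step. Anything not listed
# is forbidden regardless of who asks; this is the "context" in context-dependent.
ACTIONS_BY_STATUS = {
    "draft": {"change_address", "cancel"},
    "paid": {"cancel"},
    "shipped": set(),
}


def change_address_vulnerable(orders: Dict[int, Order], user: str, order_id: int,
                              new_address: str) -> Tuple[int, str]:
    """Only the horizontal check (is this my order?). Ownership is verified, so
    other users are kept out, but the caller can still rewrite the address of an
    order that has already shipped, a state the workflow never intended to allow."""
    order = orders.get(order_id)
    if order is None:
        return 404, "no such order"
    if order.owner != user:
        return 403, "not your order"
    order.address = new_address
    return 200, "address updated"


def change_address_hardened(orders: Dict[int, Order], user: str, order_id: int,
                            new_address: str) -> Tuple[int, str]:
    """Ownership check plus a workflow check: the action must be permitted for
    the order's current status. The server, not the client, decides which step
    the order is at."""
    order = orders.get(order_id)
    if order is None:
        return 404, "no such order"
    if order.owner != user:
        return 403, "not your order"
    if "change_address" not in ACTIONS_BY_STATUS.get(order.status, set()):
        return 409, f"order is {order.status}; address can no longer be changed"
    order.address = new_address
    return 200, "address updated"
```

When testing, the same request that succeeds on a draft order is simply replayed against an order in a later state; if it still succeeds, the application is checking who but not when.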
Security Enthusiast | Keen Learner | Breaking stuff to learn | Occasional bounty hunter | Twitter: @busk3r