Hunting for IDORs with Katie Paxton-Fear

Sunday, May 2, 10:00am - 11:00am (EDT)

JOIN OUR MEETUP GROUP: https://www.meetup.com/OWASP-DevSlop-Project/events/277581348/

Anyone who's watched Katie before knows that IDORs (Insecure Direct Object References) are some of her favourite bugs. Often caused by a single missing if statement, these lil bugs can have devastating impacts, and, even worse, they are everywhere!

In this talk, she'll go through the what, where, how, and fixes of these tricky bugs, giving you the ultimate IDOR / BOLA (Broken Object Level Authorisation) / BFLA (Broken Function Level Authorisation) methodology, how this can be automated and how it can't be automated, the fixes for some of these vulnerabilities, why even with all of this they're still some of the most common bugs to find, and why they're worth looking for.

OUR GUEST: Katie Paxton-Fear

Katie is an Application Security Engineer at Bugcrowd, a Lecturer at Manchester Metropolitan University and a Ph.D. student, but she's far more well known for her hobbies. On evenings and weekends, she hunts bugs!

A self-described occasional bug bounty hunter, she loves the thrill of hunting down real vulnerabilities in software, but her passion is education. Through her YouTube channel, she creates weekly videos on how to get into bug bounty hunting, web application security, and tooling, and goes in depth on a range of bugs and targets.

Since starting as a mentee in 2019 at a HackerOne live event, she's found 30+ bugs in real software, handed in her Ph.D. thesis, created 50+ videos on her YouTube channel and grown an audience of over 20,000 subscribers.

A former developer and data scientist, she finds her success is directly related to being able to see through a website into the code/infrastructure, and she loves any opportunity to turn developers into hackers.

https://youtu.be/lNcbSILRugM

OWASP DevSlop Team, owasp.devslop@gmail.com