Udemy

The Ultimate BAC and IDOR guide for Ethical Hacking

via Udemy

Overview

Learn how to find, exploit and even automate the most common exploit type in the OWASP top 10 - 2021

What you'll learn:
  • BAC Hacking with ZAP
  • BAC Hacking with Burp
  • CI/CD Pipeline
  • Semi-automated hacking
  • Insecure Direct Object Reference
  • Broken Access Control

First of all, we have to start by explaining to you what is in this course. You might have heard of the terms Broken Access Control (BAC) and Insecure Direct Object Reference (IDOR) before, but do you really understand what it is all about? In this course, we are going to go through a list of tools, methodologies, tips, and tricks that will help you level up your BAC game.

Who am I?

My name is Wesley, I own a pen testing company and throughout the years I have had to design my own way of working. This has led me to my favorite issue type XSS but it also came with a surprising exploit type I turned out to adore! I am of course talking about BAC and IDOR. With several years of teaching experience, I wanted to build a course to pass my knowledge on to you and to help you grow without having to go through the same growing pains I experienced.

Who is this course for?

This course is for you if you are a beginner hacker who is looking to add a new exploit type to your repertoire, or a medior hacker who wants to further explore BAC and IDOR to the point of automating or semi-automating the search for the noble exploit type of BAC.

Why BAC?

Why BAC? Because it's the most common exploit type of the OWASP top 10 - 2021 of course! This deceptively difficult exploit pulls you in with its allure of easy exploitation but you will soon realize there is much more than just the surface-level exploits you have to take into account. In my bug bounty journey, I have seen how incredibly common this exploit type is and I hope to bring down its prevalence by teaching you how to find and exploit this bug with different tools.

Syllabus

  • Introduction
  • Getting help
  • An Introduction
  • What is BAC?
  • Manually hunting BAC
  • Automated hunting with Burp Suite
  • Automated hunting with ZAP
  • Capstone project
  • XTRA - Extras

Taught by

Experts with David Bombal and Wesley Thijs

Reviews

4 rating at Udemy based on 145 ratings
