Authorization vs. Authentication (Google Bug Bounty)

Channel:

Subscribers:

920,000

Published on December 2, 2021 3:00:22 PM ● Video Link: https://www.youtube.com/watch?v=hmJKUQlcGAc

Duration: 9:55

43,175 views

Authorization and Authentication can be confusing. In this video we look at their differences, and then focus on valid and invalid authorization bugs.

advertisement: this video was commissioned by the Google Vulnerablity Rewards Program for their site https://bughunters.google.com

watch all BHU videos here: https://www.youtube.com/playlist?list=PLY-vqlMAnJ9bGoI82H1BB8BE4A8H2OCA-

00:00 - Intro
00:33 - Authentication vs. Authentication
02:04 - Complex Systems with Permissions and Roles
02:42 - Example #1: Permission Complexity
04:16 - "Fixes" for Authorization Bugs
04:48 - Roles vs. Permissions
05:53 - What are Authorization Bugs?
06:52 - Example #2: Confusing Invalid Auth "Bugs"
08:22 - Summary

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Instagram: https://instagram.com/LiveOverflow/
→ Blog: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

Other Videos By LiveOverflow

2022-03-07	Finding 0day in Apache APISIX During CTF (CVE-2022-24112)
2022-02-24	Exploiting Java Tomcat With a Crazy JSP Web Shell - Real World CTF 2022
2022-02-12	Sudo Exploit for (old) Ubuntu 20.04 LTS
2022-02-01	Fuzzing Java to Find Log4j Vulnerability - CVE-2021-45046
2022-01-18	Debugging The Failing sudoedit Exploit \| Ep.16
2022-01-11	Creating The First (Failed) Sudoedit Exploit \| Ep. 15
2022-01-03	Learning about nss (Linux Name Service Switch) During Sudo Exploitation \| Ep. 14
2021-12-24	Log4j Lookups in Depth // Log4Shell CVE-2021-44228 - Part 2
2021-12-17	Log4j Vulnerability (Log4Shell) Explained // CVE-2021-44228
2021-12-14	Can We Find a New Exploit Strategy? \| Ep. 13
2021-12-02	Authorization vs. Authentication (Google Bug Bounty)
2021-11-18	Developing GDB Extension for Heap Exploitation \| Ep. 12
2021-11-04	How Hackers Get Into Every Device!
2021-10-26	Design Flaw in Security Product - ALLES! CTF 2021
2021-10-17	Fuzzing Heap Layout to Overflow Function Pointers \| Ep. 11
2021-10-06	Video Essay about the Security Creator Scene
2021-09-26	Did you really find a vulnerability in Google? - ft. @PwnFunction
2021-09-19	Developing a Tool to Find Function Pointers on The Heap \| Ep. 10
2021-09-12	What Ethereum Smart Contract Hacking Looks Like
2021-09-04	Discussing Heap Exploit Strategies for sudo - Ep. 09
2021-08-28	"Controversial Security" // BSides Berlin 2021

Tags:

Live Overflow

liveoverflow

hacking tutorial

how to hack

exploit tutorial

auth

auth vs auth

authentication

authorization

auth differences

what does it mean

versus

bug bounty

auth bugs

bugbounty