Missing HTTP Security Headers - Bug Bounty Tips

Channel:

Subscribers:

920,000

Published on March 16, 2022 7:18:31 PM ● Video Link: https://www.youtube.com/watch?v=064yDG7Rz80

Duration: 15:48

124,840 views

4,839

In this video we talk about various HTTP headers that can improve or weaken the security of a site. And we discuss how serious they are in the context of Google's bug bounty program.

Find the full playlist with videos for Google here: https://www.youtube.com/playlist?list=PLY-vqlMAnJ9bGoI82H1BB8BE4A8H2OCA-

Chapters:
00:00 - Background Info
03:11 - Intro
03:53 - HTTP Security Header Overview
04:38 - Example #1: X-Frame-Options
06:43 - Example #2: Content-Security-Policy (CSP)
08:16 - Example #3: Strict-Transport-Security (HSTS)
10:44 - Example #4: Cross-Origin Resource Sharing (CORS)
13:12 - Example #5: Cookie Security Flags (HttpOnly)
14:25 - Summary
15:23 - Outro

*advertisement because the video was originally produced for Google: https://bughunters.google.com/learn/videos/5956774821363712/bug-hunter-university-videos

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Instagram: https://instagram.com/LiveOverflow/
→ Blog: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

Other Videos By LiveOverflow

2022-06-03	Could I Hack into Google Cloud?
2022-05-19	Scanning The Internet for Minecraft Servers
2022-05-08	Crafting a Minecraft 0day...
2022-05-01	Flying Without Elytra
2022-04-20	Modding is Hacking...
2022-04-16	Awkward VLOG at Nullcon Berlin 2022
2022-04-10	Minecraft, But It's Reverse Engineered...
2022-04-03	Breaching Security of Palais des Congrès (in Minecraft) #shorts
2022-04-01	I Spent 100 Days Hacking Minecraft
2022-03-24	I've been Hacking for 10 Years! (Stripe CTF Speedrun)
2022-03-16	Missing HTTP Security Headers - Bug Bounty Tips
2022-03-07	Finding 0day in Apache APISIX During CTF (CVE-2022-24112)
2022-02-24	Exploiting Java Tomcat With a Crazy JSP Web Shell - Real World CTF 2022
2022-02-12	Sudo Exploit for (old) Ubuntu 20.04 LTS
2022-02-01	Fuzzing Java to Find Log4j Vulnerability - CVE-2021-45046
2022-01-18	Debugging The Failing sudoedit Exploit \| Ep.16
2022-01-11	Creating The First (Failed) Sudoedit Exploit \| Ep. 15
2022-01-03	Learning about nss (Linux Name Service Switch) During Sudo Exploitation \| Ep. 14
2021-12-24	Log4j Lookups in Depth // Log4Shell CVE-2021-44228 - Part 2
2021-12-17	Log4j Vulnerability (Log4Shell) Explained // CVE-2021-44228
2021-12-14	Can We Find a New Exploit Strategy? \| Ep. 13

Tags:

Live Overflow

liveoverflow

hacking tutorial

how to hack

exploit tutorial

bug bounty

http headers

security headers

csp

cors

cors misconfiguration

withcredentials

xss

csrf

hsts

missing security headers

bug bounty impact

google vrp

google bug bounty

bugbounty