Get Proton VPN for free: https://go.getproton.me/SHWN or get Proton Mail here: https://go.getproton.me/SHWO

Free Web Hacking Course: https://www.youtube.com/c/RanaKhalil101

50% OFF Web Security Academy Course Code: DavidBombal500FF
Academy: https://academy.ranakhalil.com/

8 hour SQL Injection playlist: https://www.youtube.com/watch?v=1nJgupaUPEQ&list=PLuyTk2_mYISLaZC4fVqDuW_hOk0dd5rlf

In this video Rana explains and demonstrates Broken Access Control which is number 1 on the OWASP top 10: https://owasp.org/www-project-top-ten/

// MENU //
00:00 - Intro
00:25 - Ads
01:38 - Opening
02:36 - Broken Access Control
05:04 - Authentication
06:11 - Session Management
10:31 - Access Control
12:16 - Types of Access Control
18:19 - Broken Access Control Vulnerabilities
23:00 - Rana's Channel
25:03 - Types of Broken Access Control
30:12 - Lab Exercise 1
39:52 - Vertical Privilege Escalation
43:19 - Lab Exercise 2
48:47 - Access Control Vulnerabilities in Multi-Step Processes
51:12 - Lab Exercise 3
59:21 - Prevention
01:04:46 - Rana's Platforms
01:07:43 - Outro

// Labs used in the video //
Lab #1: https://portswigger.net/web-security/access-control/lab-user-id-controlled-by-request-parameter
Lab #2: https://portswigger.net/web-security/access-control/lab-user-role-controlled-by-request-parameter
Lab #3: https://portswigger.net/web-security/access-control/lab-multi-step-process-with-no-access-control-on-one-step

// Rana's SOCIAL //
Twitter: https://twitter.com/rana__khalil
Academy: https://academy.ranakhalil.com/
YouTube Channel: https://www.youtube.com/c/RanaKhalil101
Medium Blog: https://ranakhalil101.medium.com/
Rana Intigriti Interview: https://www.youtube.com/watch?v=stXkOBZsNYo&ab_channel=intigriti

// David's SOCIAL //
Discord: https://discord.gg/davidbombal
Twitter: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube Main Channel: https://www.youtube.com/davidbombal
YouTube Tech Channel: https://youtube.com/channel/UCZTIRrENWr_rjVoA7BcUE_A
YouTube Clips Channel: https://www.youtube.com/channel/UCbY5wGxQgIiAeMdNkW5wM6Q
YouTube Shorts Channel: https://www.youtube.com/channel/UCEyCubIF0e8MYi1jkgVepKg
Apple Podcast: https://davidbombal.wiki/applepodcast
Spotify Podcast: https://open.spotify.com/show/3f6k6gERfuriI96efWWLQQ

// MY STUFF //
https://www.amazon.com/shop/davidbombal

// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: [email protected]

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

Disclaimer: This video is for educational purposes only.

#hack #webhacking #course