The Ultimate Bac And Idor

Posted By: ELK1nG
Published 11/2022
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 386.24 MB | Duration: 0h 42m

Learn how to find, exploit and even automate the most common exploit type in the OWASP top 10 - 2021

What you'll learn

Broken Access Control

Insecure Direct Object Reference

Semi-automated hacking

CI/CD Pipeline

BAC Hacking with burp

BAC Hacking with ZAP

Requirements

PC Able to run ZAP

PC Able to run Burp suite free edition

Description

First of all, we have to start by explaining to you what is in this course. You might have heard of the terms Broken Access Control (BAC) and Insecure Direct Object Reference (IDOR) before, but do you really understand what it is all about? In this course, we are going to go through a list of tools, methodologies, tips, and tricks that will help you level up your BAC game.

Who am I? My name is Wesley, I own a pen testing company and throughout the years I have had to design my own way of working. This has led me to my favorite issue type, XSS, but it also came with a surprising exploit type I turned out to adore! I am of course talking about BAC and IDOR. With several years of teaching experience, I wanted to build a course to pass my knowledge on to you and to help you grow without having to go through the same growing pains I experienced.

Who is this course for? If you are a beginner hacker who is looking to add a new exploit type to their repertoire or even a medior hacker who wants to further explore BAC and IDOR to the point of automation/semi-automating the search for the noble exploit type of BAC.

Why BAC? Because it's the most common exploit type of the OWASP top 10 - 2021 of course! This deceptively difficult exploit pulls you in with its allure of easy exploitation but you will soon realize there is much more than just the surface-level exploits you have to take into account. In my bug bounty journey, I have seen how incredibly common this exploit type is and I hope to bring down its prevalence by teaching you how to find and exploit this bug with different tools.

Overview

Section 1: Introduction

Lecture 1 GENERAL-Syllabus

Lecture 2 GENERAL-000. Introduction

Section 2: What is BAC?

Lecture 3 GENERAL-010 - So what exactly is BAC

Lecture 4 GENERAL-011. What the IDOR

Section 3: Manually hunting BAC

Lecture 5 GENERAL-020. Manual BAC and IDOR hunting-051022-203345

Lecture 6 GENERAL-021. Manual testing assignment-051022-203433

Lecture 7 GENERAL-022_ Solutions

Lecture 8 GENERAL-022. Assignement 2 & 3

Section 4: Automated hunting with burp suite

Lecture 9 GENERAL-030. Automated BAC hunting with burp suite

Section 5: Automated hunting with ZAP

Lecture 10 GENERAL-040_ Hunting BAC with ZAP

Section 6: Capstone project

Lecture 11 GENERAL-050 Capstone project

Section 7: XTRA - Extras

Lecture 12 XTRA01 - Permission matrix example

Lecture 13 XTRA02- Mindmap BAC

Beginner hackers looking to thoroughly add another exploit type to their repertoire