Authorization vs. Authentication (Google Bug Bounty)

Описание: Authorization and Authentication can be confusing. In this video we look at their differences, and then focus on valid and invalid authorization bugs.

advertisement: this video was commissioned by the Google Vulnerablity Rewards Program for their site https://bughunters.google.com

watch all BHU videos here:    • BUG HUNTER UNIVERSITY  

00:00 - Intro
00:33 - Authentication vs. Authentication
02:04 - Complex Systems with Permissions and Roles
02:42 - Example #1: Permission Complexity
04:16 - "Fixes" for Authorization Bugs
04:48 - Roles vs. Permissions
05:53 - What are Authorization Bugs?
06:52 - Example #2: Confusing Invalid Auth "Bugs"
08:22 - Summary

=[ ❤️ Support ]=

→ per Video:   / liveoverflow  
→ per Month:    / @liveoverflow  

=[ 🐕 Social ]=

→ Twitter:   / liveoverflow  
→ Instagram:   / liveoverflow  
→ Blog: https://liveoverflow.com/
→ Subreddit:   / liveoverflow  
→ Facebook:   / liveoverflow