Olivia
Online
Inon Shkedy
@InonShkedy
๐งโโ๏ธ๐ฑ
Head of Research @Traceableai | API Security Project Leader @OWASP
Falo ๐ง๐ท/๐ฆ๐ท/๐บ๐ธ/๐ฎ๐ฑ/๐น๐ญ
๐
Joined January 2019
431 Following
3.6K Followers
455 Posts
ย Pinned Tweet
https://t.co/aGaQShVTJy
A Deep Dive On The Most Critical API Vulnerability - Broken Object Level Authorization
@hasolidit ืื ื ืืืืคื ืืืฉื ืืืฆื ืงืืจืืฆืื ืืฉืืจื ืืื ืื ืฉืื ืฉืงืืจืืื ืืจืื ืกืคืจื self help ืืื ืฉืื ืฉืื ืืืืชื ืจืืฆื ืืืืืช ืืืืื.
ืืจืืืฉ ืฉืืืจืืฃ ืืืจื ืขืื ืืืข ืืขืื ืืืื ืดืืืืืช ืืช ืืืืื ื ืืืืด ืืกืืคื ืฉื ืืื ืคืฉืื ืืืืื ืืืชื
Who to follow
mohammed eldeeb 
@malcolmx0x
Bug Bounty Hunter & security engineer
payloadartist
@payloadartist
I discuss AI, Cybersecurity & Hacking โข Helped secure organizations like Google โข Opinions are my cat's โข Part-time shitposter
Aseem Shrey
@AseemShrey
Founder https://t.co/gzIQqhCPZb - We handle security. You ship awesome products ๐
๐ ๏ธ Founder SecureMyOrg
๐น https://t.co/ZjN2YzePJW
#cybersec #privacy
๐ฅ 2 TB internal drive mod for Bad Update users coming soon! ๐ฅ
๐ข Today is the day! After about a year reverse engineering 4 different SSD controller brands, Xbox 360 HDD Maker is now available. For the first time, it is now possible to add an SSD to an unmodified, retail Xbox 360 console.
One of my favorite disclosed API breaches, discovered by my colleague @XeEaton
I highly recommend reading it on your laptop to see how your cursor turns into a French fries container.
https://t.co/9eSni5v4U8
I noted this post https://t.co/zCObcJllYP for easily reading in my understanding.
31 API Tips by @InonShkedy
#bugbountytips
@yantomr4 ืืกื ื ืืืชื ืืื ืืฆืืืฅ ืืืืืืืจ ืื ืงืื
@amsterdamski2 AirFly - ืืืคืฉืจ ืืืฉืชืืฉ ืืืืืจืคืืืก/ืื ืืืื ืืืช ืื-ืืืืืืช ืืืขืจืืช ืืืืืืืืื ืฉื ืืืืืก
Join me in person @ Cincinnati/online! We'll talk about:
๐Complex multi-step authorization breaches.
๐คBots: how bad actors exploit the API economy for profit.
๐Modern vs. Traditional: the shift away from traditional issues like injections, XSS, and XXE.
https://t.co/n6pvX5nxC1
@yantomr4 ืกืืฃ ืกืืฃ ื ืจืื ืืื ืื ืืื ืืื ืืื ืกืืจืืื
@yantomr4 ืฉืืืจ ืขื ืขืฆืื ืงืื
ืืืฉืื ืฆืจืื ืืืืื ืื ืคื ืืืขืื ื
@Alder_Birch_ As long as the EP actually returns data about the accessed object - It's pretty safe to use this method
-API Tip 28/30- #bugbountytip
Save time by comparing response sizes instead of response bodies.
E.g,
- Generate 2 API calls to test for IDOR/BOLA, use 2 different IDs
- 2 API responses have the same size? EP is probably not vulnerable
@Alder_Birch_ Two main exceptions I can think of:
1. EP doesn't return data about the accessed object. For example: DELETE /photo/22 might return just 200 with a JSON : {"status":"ok"}
2. If two different returned objects are exactly the same size. For example:
@Alder_Birch_ {"name":"inonsh":"age"28}
{"name":"boreal":"age"21}
// this one is less likely because usually JSON objects contain multiple params, and the likelihood of 2 objects to be the exact same size is low in most cases
@BolhaSec crossfit me faz mais estressado haha
@Secnik1 haha hack with your mind
-API Tip 30/30- #BugBounty
Feeling stuck but have to find a critical vulnerability?
1. Wake up early in the morning.
2. Meditate, do some exercise.
3. Turn off your phone, disconnect from the world for several hours, drink a coffee.
4. Dedicate yourself to the process :)
Last Seen Users on Sotwe
แดแดส แดษช ษขษชสส๊ฑ ๐ฌ
Seen from Turkey
Rawan
Seen from Algeria
AsianCums
Seen from Germany
Butiran Debu
Seen from Indonesia
My99
Seen from Vietnam
Du Clip (เนเธญเธเนเธเนเธฒ129k)
Seen from United States
Indian actress
Seen from Pakistan
TeterasGBA
Seen from Mexico
Pemburu binor
Damar
Seen from Indonesia
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.2M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
87M followers
Taylor Swift
@taylorswift13
80.8M followers
Lady Gaga
@ladygaga
72.3M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
68.8M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.4M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.1M followers