Let's Talk API Security: Broken Object Level Access Control (BOLA)
AppSecEngineer
Object level authorization is an access control mechanism, usually implemented at the code level, that validates that a user can only access the objects they are authorized to access.
In this video, Abhay Bhargav explains how this sort of authorization works and how #BrokenObjectLevelAccessControl (BOLA) can happen, leading to loss or disclosure of sensitive data.
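As an added illustration (not code from the video or from AppSecEngineer's labs), here is a minimal order-lookup handler written twice: once with the BOLA flaw, where the handler trusts the client-supplied object id, and once with the object-level check that scopes the lookup to the caller. The Order type, the sample orders and the NotFound error are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Order:
    order_id: int
    owner_id: int
    total: float

# Constructed sample data: two customers, each owning one order.
ORDERS = {
    1001: Order(order_id=1001, owner_id=1, total=49.99),
    1002: Order(order_id=1002, owner_id=2, total=250.00),
}

class NotFound(Exception):
    """Raised when the requested object does not exist or is not visible."""

def get_order_vulnerable(current_user_id: int, order_id: int) -> Order:
    """BOLA: the handler trusts the client-supplied id and never checks
    whether the caller owns the object, so any authenticated user can
    read any order (the flaw the video demonstrates)."""
    try:
        return ORDERS[order_id]
    except KeyError:
        raise NotFound(order_id) from None

def get_order_fixed(current_user_id: int, order_id: int) -> Order:
    """Object-level authorization: the lookup is scoped to the caller, so
    an order the caller does not own is indistinguishable from one that
    does not exist (no oracle revealing other users' order ids)."""
    order = ORDERS.get(order_id)
    if order is None or order.owner_id != current_user_id:
        raise NotFound(order_id)
    return order

def can_read(handler, current_user_id: int, order_id: int) -> bool:
    """Demonstration helper: True if the handler hands back the order."""
    try:
        handler(current_user_id, order_id)
        return True
    except NotFound:
        return False

if __name__ == "__main__":
    # User 1 requests order 1002, which belongs to user 2.
    print("vulnerable:", can_read(get_order_vulnerable, 1, 1002))  # True
    print("fixed:     ", can_read(get_order_fixed, 1, 1002))       # False
```

Returning the same NotFound for both a missing order and a foreign one keeps the fixed handler from leaking which ids exist; a 403 instead of a 404 would confirm that another user's object is there.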
We use labs straight from AppSecEngineer to show you how BOLA works and how to avoid it. #APISecurity
Learn more about AppSecEngineer at https://appsecengineer.com/
Twitter: https://twitter.com/AppSecEngineer
LinkedIn: https://www.linkedin.com/company/appsecengineer
#AppSecEngineer is ideal for job seekers, knowledge seekers and companies that want to equip their workforce to handle real-world security issues.
00:00 - Introduction
01:11 - What is BOLA?
04:40 - Attacking APIs with BOLA
20:32 - Thanks for watching!
...
https://www.youtube.com/watch?v=6HnF5s0jnQA