Missing HTTP Security Headers - Bug Bounty Tips

Duration: 15:47

2022-03-16

Public, 9.8K views, 5.32K likes

Channel: LiveOverflow

In this video we talk about various HTTP headers that can improve or weaken the security of a site. And we discuss how serious they are in the context of Google's bug bounty program.

Find the full playlist with videos for Google here: https://www.youtube.com/playlist?list=PLY-vqlMAnJ9bGoI82H1BB8BE4A8H2OCA-

Chapters:

00:00 - Background Info

03:11 - Intro

03:53 - HTTP Security Header Overview

04:38 - Example #1: X-Frame-Options

06:43 - Example #2: Content-Security-Policy (CSP)

08:16 - Example #3: Strict-Transport-Security (HSTS)

10:44 - Example #4: Cross-Origin Resource Sharing (CORS)

13:12 - Example #5: Cookie Security Flags (HttpOnly)

14:25 - Summary

15:23 - Outro

*advertisement because the video was originally produced for Google: https://bughunters.google.com/learn/videos/5956774821363712/bug-hunter-university-videos

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow

→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/

→ Instagram: https://instagram.com/LiveOverflow/

→ Blog: https://liveoverflow.com/

→ Subreddit: https://www.reddit.com/r/LiveOverflow/

→ Facebook: https://www.facebook.com/LiveOverflow/

