Authorization vs. Authentication (Google Bug Bounty)

2021-12-02

[public] 8.83K views, 2.08K likes, dislikes audio only

Authorization and Authentication can be confusing. In this video we look at their differences, and then focus on valid and invalid authorization bugs.

advertisement: this video was commissioned by the Google Vulnerablity Rewards Program for their site https://bughunters.google.com

watch all BHU videos here: https://www.youtube.com/playlist?list=PLY-vqlMAnJ9bGoI82H1BB8BE4A8H2OCA-

00:00 - Intro

00:33 - Authentication vs. Authentication

02:04 - Complex Systems with Permissions and Roles

02:42 - Example #1: Permission Complexity

04:16 - "Fixes" for Authorization Bugs

04:48 - Roles vs. Permissions

05:53 - What are Authorization Bugs?

06:52 - Example #2: Confusing Invalid Auth "Bugs"

08:22 - Summary

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow

→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/

→ Instagram: https://instagram.com/LiveOverflow/

→ Blog: https://liveoverflow.com/

→ Subreddit: https://www.reddit.com/r/LiveOverflow/

→ Facebook: https://www.facebook.com/LiveOverflow/