The Circle of Unfixable Security Issues
112.6 هزار بار بازدید -
9 ماه پیش
-
Not every security issues can
Not every security issues can be fixed. There exist (what I call) "unfixable" bugs, where you can always argue and shift the goal posts. The idea is to only report these kind of issues to create an endless stream of bug bounty money!
Buy my terrible font (ad): https://shop.liveoverflow.com
Learn hacking (ad): https://hextree.io
What is a vulnerability? What is a Security Vulnerability?
hackerone reports:
https://hackerone.com/reports/812754
https://hackerone.com/reports/6883
https://hackerone.com/reports/223337
https://hackerone.com/reports/819930
https://hackerone.com/reports/224460
https://hackerone.com/reports/160109
https://hackerone.com/reports/557154
OWASP: https://owasp.org/www-community/contr...
Chapters:
00:00 - Intro
00:30 - Denial of Service with loooong passwords
03:18 - Invalid vs. Valid DoS Reports
05:11 - Deployment Differences
06:54 - Denial of Service vs. Bruteforce Protection
09:27 - IP Rate-Limiting "fix"
12:06 - Locking User Accounts?
13:59 - The Circle of Unfixable Security Issues
15:25 - Vulnerability vs. Weakness
16:49 - The Cybersecurity Industry
19:03 - Conclusion: Cybersecurity vs. Hacking
21:34 - Outro
=[ ❤️ Support ]=
→ per Video: Patreon: liveoverflow
→ per Month: @liveoverflow
2nd Channel: liveunderflow
=[ 🐕 Social ]=
→ Twitter: Twitter: LiveOverflow
→ Streaming: https://twitch.tvLiveOverflow/
→ TikTok: TikTok: liveoverflow_
→ Instagram: Instagram: LiveOverflow
→ Blog: https://liveoverflow.com/
→ Subreddit: Reddit: LiveOverflow
→ Facebook: Facebook: LiveOverflow
Buy my terrible font (ad): https://shop.liveoverflow.com
Learn hacking (ad): https://hextree.io
What is a vulnerability? What is a Security Vulnerability?
hackerone reports:
https://hackerone.com/reports/812754
https://hackerone.com/reports/6883
https://hackerone.com/reports/223337
https://hackerone.com/reports/819930
https://hackerone.com/reports/224460
https://hackerone.com/reports/160109
https://hackerone.com/reports/557154
OWASP: https://owasp.org/www-community/contr...
Chapters:
00:00 - Intro
00:30 - Denial of Service with loooong passwords
03:18 - Invalid vs. Valid DoS Reports
05:11 - Deployment Differences
06:54 - Denial of Service vs. Bruteforce Protection
09:27 - IP Rate-Limiting "fix"
12:06 - Locking User Accounts?
13:59 - The Circle of Unfixable Security Issues
15:25 - Vulnerability vs. Weakness
16:49 - The Cybersecurity Industry
19:03 - Conclusion: Cybersecurity vs. Hacking
21:34 - Outro
=[ ❤️ Support ]=
→ per Video: Patreon: liveoverflow
→ per Month: @liveoverflow
2nd Channel: liveunderflow
=[ 🐕 Social ]=
→ Twitter: Twitter: LiveOverflow
→ Streaming: https://twitch.tvLiveOverflow/
→ TikTok: TikTok: liveoverflow_
→ Instagram: Instagram: LiveOverflow
→ Blog: https://liveoverflow.com/
→ Subreddit: Reddit: LiveOverflow
→ Facebook: Facebook: LiveOverflow
9 ماه پیش
در تاریخ 1402/07/25 منتشر شده
است.
112,624
بـار بازدید شده