Free Web Hacking Course

Get Proton VPN for free: go.getproton.me/SHWN or get Proton Mail here: go.getproton.me/SHWO
Free Web Hacking Course: ua-cam.com/users/RanaKhalil101
50% OFF Web Security Academy Course Code: DavidBombal500FF
Academy: academy.ranakhalil.com/
8 hour SQL Injection playlist: ua-cam.com/video/1nJgupaUPEQ/v-deo.html
In this video Rana explains and demonstrates Broken Access Control which is number 1 on the OWASP top 10: owasp.org/www-project-top-ten/
// MENU //
00:00 - Intro
00:25 - Ads
01:38 - Opening
02:36 - Broken Access Control
05:04 - Authentication
06:11 - Session Management
10:31 - Access Control
12:16 - Types of Access Control
18:19 - Broken Access Control Vulnerabilities
23:00 - Rana's Channel
25:03 - Types of Broken Access Control
30:12 - Lab Exercise 1
39:52 - Vertical Privilege Escalation
43:19 - Lab Exercise 2
48:47 - Access Control Vulnerabilities in Multi-Step Processes
51:12 - Lab Exercise 3
59:21 - Prevention
01:04:46 - Rana's Platforms
01:07:43 - Outro
// Labs used in the video //
Lab #1: portswigger.net/web-security/access-control/lab-user-id-controlled-by-request-parameter
Lab #2: portswigger.net/web-security/access-control/lab-user-role-controlled-by-request-parameter
Lab #3: portswigger.net/web-security/access-control/lab-multi-step-process-with-no-access-control-on-one-step
// Rana's SOCIAL //
Twitter: twitter.com/rana__khalil
Academy: academy.ranakhalil.com/
UA-cam Channel: ua-cam.com/users/RanaKhalil101
Medium Blog: ranakhalil101.medium.com/
Rana Intigriti Interview: ua-cam.com/video/stXkOBZsNYo/v-deo.html&ab_channel=intigriti
// David's SOCIAL //
Discord: discord.gg/davidbombal
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
UA-cam Main Channel: ua-cam.com/users/davidbombal
UA-cam Tech Channel: ua-cam.com/channels/ZTIRrENWr_rjVoA7BcUE_A.html
UA-cam Clips Channel: ua-cam.com/channels/bY5wGxQgIiAeMdNkW5wM6Q.html
UA-cam Shorts Channel: ua-cam.com/channels/EyCubIF0e8MYi1jkgVepKg.html
Apple Podcast: davidbombal.wiki/applepodcast
Spotify Podcast: open.spotify.com/show/3f6k6gERfuriI96efWWLQQ
// MY STUFF //
www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.

I love how she explains everything in clear understandable language. A true beginner course. 👏

I love her presentation as she is very concise and thorough breaking everything down. Her level of organization is impecable. I don’t know much about hacking or web security. However, I’ve always wanted to learn so I’m definitely signing up for her course. Thank for bringing her on Mr. Bombal. I really enjoy watching your channel and I have been learning quite a lot. Cheers!

She is a very good teacher, I am glad she is going over the basics.

This is not only educational, as well as entertaining also. Thanks for doing amazing collabs.

I just started getting into bug bounty and this is perfect for me. Btw yesterday I found my first bug.

very clear and just enough pace on how she explain the topics really makes you listen and understand more of what she's teaching.

Awesome introduction to the topic of Web Sec & hacking the web.
Good call on spotting Rana to address the topic David - kudos fella!
Another topic in the domain I would like to see addressed is exploiting latency to get in the door; latency is exploited in gaming and is very much a real-world technique employed by hackers trying to lull servers into a more time lenient state potentially allowing them (hackers) a larger window of opportunity. Everybody has to deal with latency especially concerning connections over larger WAN and is a growing problem and most likely at the root of governments (globally) addressing connections from outside their countries in a manner that most employ VPN services to bypass.
Web Sec is definitely an interesting and very valuable topic for anyone creating anything that consumes anything over a network connection, but many if not all techniques benefit localized application development (like desktop apps). Good vid!!!

I love the way she explains these concepts so smooth and easy to grasp. We need to see more of her

i think rana khalil is the best teacher of cyber security on youtube ,,, thanks for her and thank you david for inviting her ,,, keep up the good job both of you

It will be awesome if Rana returns on your channel to teach and demonstrate code security. Often than not it is usually not clearly explained. I believe with Rana at the helm of this topic, clarity on this will be assured. Thanks David for all you do for the community.

Being a full stack developer I loved this video and her way of teaching is simply awesome.Thanks David for introducing us to such an amazing teachers.

That timer for the ad really makes a difference - makes it feel like my time is respected.

This was a great segment on BAC. Rana does an amazing job of explaining the issues and the processes to test for said issues.
I sort of equate the Multistep issue to having a building with a security guard, mantrap room, front desk clerk and then a lock on the door of the room with all of the goodies... If all you had was the security guard at the door and nothing else, because you figured that was enough, it would be much easier to get into the room with all the goodies if you managed to trick the security guard.
As always, please keep the amazing content coming. Because it's very much appreciated by everyone!

I started off with ok… another hacker… and then 10 minutes later, I was like oh S***! THIS IS IT. THANK YOU both David and Rana. Great job

A brilliant presentation. Rana has a very good way of explaining things. I particularly liked the way she gave a realife example of the online shopping session management vulnerability.

If only she could teach me a course on Web Hacking i would learn. She explains it so effortlessly. Make it look so simple.

I would love to see Rana code live on the site. Thanks David!!!!

It's so weird to see the person behind her voice haha i started off by watching her videos. Thank you rana for making such great quality content

Thank-you David for having Rama on your channel!! You always offer diversity among your guests. She is a fantastic teacher, much like yourself!!

David i was going to say something about her great teaching techniques but, after looking at comments, looks like it a majority vote shes great at explaining in laymen terms and simplify, very nice job.

Yeah definitely bring Rhanna back she's cool at explaining it in simple terms that easy enough to understand for people like me. Really appreciate it alot! Thank You xx

Very good video, really like the way she explains and the way you interacted with her! Hope to see more collaboration between you two a near future, particularly dev stuff!

thank you rana and david for providing so much value ,keep on grinding the stuff

a truly beginner course but the way she explain made it very easy huge respect for that beautiful soul

I would looooooove an episode covering access control and coding examples, really educational show. I learned a lot! Thank you both!

Another incredible video. Thanks man for putting so much effort in order to reduce ours.

Thank you David and Rama. I would love to see Rama come back to talk about coding.

Thanks David for hosting Rana, I toke the chance and used the promotion code :)
Thanks Rana for the valuable information and the your ability to simplify the concepts with examples.
Regards,

Love you from Pakistan sir. I watched your videos you give so much interesting knowledge about linux and others hacking tools .I am student but i have to manage time for your videoss.
😍

Thank you Rana and David. Rana you have an amazing gift of knowledge and teaching. Rana you are amazing!

yaaaaay!!!! honestly i feel your channel should become a tv show. thanks for this wonderful content. thanks david! thanks Rana!!

The teacher is really awesome, they way she explains is amazing

She's explaining using a very simple terms and easy to understand she's good bring her back

The pace is well digested with non native English speaker. Nice explanation

Wow. Excellent video David and Rana 🙂. Very good information for pentesting beginners and developers. I remember that in 2013/2014 I had to make a website with access control on my job at that time for private access for a client. It was made in PHP and it was my first web programming experience. I googled a lot at that time about how to make the site secure but I couldn't find much information about it or the information was too disperse. I hope they are not using that site anymore, it must be a swiss cheese of vulnerabilities.

Bring her back for code!!! This is great, I'd seen her channel before but UA-cam hasn't thrown her in my feed for a bit, but I'll be watching now!

Yes bring Rana back..have been appreciating her channel as well as this one...thank you..

Rana Khalil in the house. Big fan here. Another iron lady is Katie Paxton-Fear (InsiderPhD)

Dear David ! Your continues efforts with regard to the security awareness / knowledge sharing is extraordinary & remarkable. Thank you so much for making this content.

Really great teacher and talk thank you David and Rana will deffinatly buy the course next and do the web application hacking course :)

She is an amazing teacher! Just started learning and this has cleared up a lot of questions I had

I love David Bombal, I try to watch everything he puts out. I just finished a CompTIA Net+, Sec+, and CCNA courses through the VA at an IT school for Veterans. Have applied to over 115 jobs in the past 2 months. Can't get a job anywhere. Everyone wants you to have a PHD for an entry level IT job. It's depressing and discouraging out here! So desperate for someone in IT somewhere to give me a chance to get started. Can't get a job without experience, can't get experience without a job. Yay :(

a secure coding course !!! if its with rana khalil than yes without hesitation

Greetings from the Middle East, dear❤️❤️

Woww.. What a nice final thought.. "Education Should Be a Right, Not a Privilege"
For me it's even more motivating to give money to someone who is not forcing you to do so (if you want the content).

proud to live in the same country of Proton team ! thanks for the video

Rana is the best, I’m so thrilled to see her on your channel 😁

Yes, want her back, maybe covering devsecops basics if possible. Cool video.

Dave you brought up a great point by requesting her to come back and code. I think someone who can blend the two would be great. Like 'when coding html what to not do. Java, what to not do, what to look for. I am only 15 minutes in the video right now, so maybe soon

She's amazing. Thank you David for this episode. Would love to see one focusing on secure code review.

Just noticed the necklace now 😊 .. great necklace. Free Palastine. Great content, thanks Rana.

She's good. Thanks David for bringing Rana on

Great skills, Rana. Proud of you. ما شاء الله لا قوة الا بالله

Thank you David for putting so much time and effort in creating these wonderful videos. Also many thanks to you too Rana for your fantastic and “easy to digest” presentation. You guys are fantastic. ❤🙏🏼👍🏼

Incredible video! 🙏🏾 Grateful! Big thanks to David and Rama for such enlightenment! Let's smash that like button and subscribe for both of them.

very good. Loved Rama with clear explanations and examples. Keep the top 5 work.

Very good keep teaching us such technology and pls recommend such nice hacking and cybersecurity related books pls love from India 🇮🇳

Thank you for introducing Rana!

Wow, that's absolutely amazing! Because she's prepared! The slideshow and these powerpoint slides! Great!
Thanks David! now I'm subscribing to her channel as well!

Lab exercises very good .thanks rana

Her courses are amazing..well worth your time.

I’d love to see Rana go into the Dev-side of coding a secure web application! 🙏

really I was thinking about this interview rana khalil vs David bombal just in this week
glad to to see in real

she is amazing and yes please bring her back again thank you and if possible if its ok for her to speak a bit more about oscp examination like how difficult it was in more details and what content can help someone like me to get closer to oscp please

Thank you, great video as always.If possible get a new video with coding.

Beautiful video, great job both of you

Thank you a looot siir, iam full stack web dev + web pen tester and i will also watch your course.

Yes David some developers are watching also so thanks for highlighting this point and to assure that we have to know this when we build any kind of application, You are amazing
Thanks and love from Syria

Awesome topic. I like the whole video 👌🏻👌🏻. Keep doing great work.

I just found my first bug today! On a very large watch company! It was an Idor that led to full account take over! I can’t believe it!!

David, and Rana thank you for the content. I am expecting more collaboration on web application security topics. Thank you again. A small question, WAF cannot help to prevent attacking a webiste?

Great video, Thankyou David & Rana, bring on the code !

am always like to hear rana talking about security ..she is one of the best for me,
thanks for make that happend david♥

A JavaScript development video of precisely how to correct the flaws shown in this video would be very interesting for me!

I think it'd be awesome if she came back to demonstrate code side of things 💯

Brilliant Rana, brilliant knowledge!!!!!!!!!! Thank you guys)

that greenscreen bleed.
she explains everything so well. she is a true professional.
but man. even if she did record from a boring normal-people bedroom or whereever.. these fake-backgrounds (not just hers) make everything so much less authentic.
if i had these skills, i would go:
you know what, i'm streaming from a tiny closet, whatever. the things i say are important and not the room i'm in.

Hi David:
Im not nearly as technical.
But, most often the UA-cam videos you post are understood in concept. That said, what about defenses against mobile and desktop duplicating apps?
In terms of research, the only options to match my then abilities are encryption on a live desktop. Not via Point-to-point or across within the IIP stack.

Thank you very much Mr David and Ms Rana for a very useful and lucid session.
I will join the web course sometime next month. I hope the 50% offer is open till then. Thanks and regards

I like your videos. Very straight with your presentation.

Yes please Rhana come back and show us some code!!🙏🏻

Thanks for the course David and Rana.

Thanks for this series!

I CAN'T to see Mrs.Rana's next visit to this channel.

Absolutely, I want her to do a Python course!!! But anything coding I would tune in to!

hey David, am confused here, am a beginner my Lecture gave me this assignment and don't understand anything. three different questions are; Research on switch statement
Shortcut method
Software development cycle.

I can only recommend the book "Web Security for Developers: Real Threats, Practical Defense", this is explained in few pages.
I like exemples during conferences, but they are often over-simplified : / A real exemple with anonymized data would be great

David I'm gonna sleep now but I'll be there tomorrow to check it out 😊

David, you never disappoint us with your content !!!!! LOVE YOUR CHANNEL MAN

Publicidad de Calidad, Proton VPN es lo mejor!!!! :3 🇨🇴🇨🇴🌄🌠

David I am very thanks of watching your outstanding video I am working on Application security auditor in my country Ethiopia and your videos helping me so good thnks

Long awaited. Thanks ☕

Love the Palestinian necklace ❤❤❤ 🇵🇸

Your the best my man, always having good info

WE WANT RANA TO COME BACK AND THEACH US ABOUT SECURE CODE WRITING, PLEASE!!!!
Pd = Thank you, thank you, thank you for this high quality content... The dedication and commitment to transmit knowledge and help other people to discover and understand new knowledge is truly invaluable ♥

Great video David thanks !

Great content thanks - would be awesome to see more stuff on Web3 now - Solidity smart contract security

This wonderful teacher ❤❤😮😊❤ wonderful teacher

Awesome videos. I could watch you for hours. I would love to see a video on how to do penetration testing on the Tor network. It's all a bit different via an Onion address.