Not every security issues can be fixed. There exist (what I call) "unfixable" bugs, where you can always argue and shift the goal posts. The idea is to only report these kind of issues to create an endless stream of bug bounty money!
Buy my terrible font (ad): shop.liveoverflow.com
Learn hacking (ad): hextree.io
What is a vulnerability? • What is a Security Vul...
hackerone reports:
hackerone.com/reports/812754
hackerone.com/reports/6883
hackerone.com/reports/223337
hackerone.com/reports/819930
hackerone.com/reports/224460
hackerone.com/reports/160109
hackerone.com/reports/557154
OWASP: owasp.org/www-community/contr...
Chapters:
00:00 - Intro
00:30 - Denial of Service with loooong passwords
03:18 - Invalid vs. Valid DoS Reports
05:11 - Deployment Differences
06:54 - Denial of Service vs. Bruteforce Protection
09:27 - IP Rate-Limiting "fix"
12:06 - Locking User Accounts?
13:59 - The Circle of Unfixable Security Issues
15:25 - Vulnerability vs. Weakness
16:49 - The Cybersecurity Industry
19:03 - Conclusion: Cybersecurity vs. Hacking
21:34 - Outro
=[ ❤️ Support ]=
→ per Video: / liveoverflow
→ per Month: / @liveoverflow
2nd Channel: / liveunderflow
=[ 🐕 Social ]=
→ Twitter: / liveoverflow
→ Streaming: twitch.tvLiveOverflow/
→ TikTok: / liveoverflow_
→ Instagram: / liveoverflow
→ Blog: liveoverflow.com/
→ Subreddit: / liveoverflow
→ Facebook: / liveoverflow
Негізгі бет The Circle of Unfixable Security Issues
Пікірлер: 315