This lab challenges a learner to discover and exploit an existing API vulnerability in a cloud application. Acting as an adversary, you interact with the application's REST API in a legitimate way to find a flaw that lets you bypass its authorization mechanisms and steal private files containing AWS credentials. Participants will also learn best practices for preventing and mitigating broken object-level authorization vulnerabilities in insecure APIs.
Learning Objectives
On successful completion of this course, learners should have the knowledge and skills required to:
- Understand how adversaries can exploit broken object-level authorization vulnerabilities to bypass authorization mechanisms and steal supposedly private files