Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 17 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell, engineering leader with over 15 years of industry experience. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Email: [email protected]
…
continue reading
Inhalt bereitgestellt von Amin Malekpour. Alle Podcast-Inhalte, einschließlich Episoden, Grafiken und Podcast-Beschreibungen, werden direkt von Amin Malekpour oder seinem Podcast-Plattformpartner hochgeladen und bereitgestellt. Wenn Sie glauben, dass jemand Ihr urheberrechtlich geschütztes Werk ohne Ihre Erlaubnis nutzt, können Sie dem hier beschriebenen Verfahren folgen https://de.player.fm/legal.
Ähnelt Hacked & Secured: Pentest Exploits & Mitigations
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
How can business help solve society’s biggest challenges? Welcome to Take on Tomorrow, the award-winning podcast from PwC that examines the biggest problems facing society and the role business can—and should—play in solving them. Hosts Femi Oke and Lizzie O’Leary talk to industry innovators, tech trailblazers and visionary leaders from around the globe about timely topics: from the climate transition to AI and data; and from the future of food to how we build, move and power the world.
…
continue reading
Stay current on JavaScript, Node, and Front-End development. Learn from experts in programming, careers, and technology every week. Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
The American healthcare system is one of the most innovative in the world. But it’s also riddled with complex challenges, such as access to affordable medications, inefficiency and administrative burdens, and communication barriers between providers. There’s clearly a better way—and at Surescripts, we have a unique sightline into what that may be. In this series, host Melanie Marcus, Chief Marketing Officer of Surescripts, sits down with today’s most inspiring and innovative leaders in healt ...
…
continue reading
A podcast for developers interested in building great software products. Every episode, Adam Wathan is joined by a guest to talk about everything from product design and user experience to unit testing and system administration.
…
continue reading
Investor Shayle Kann is asking big questions about how to decarbonize the planet: How cheap can clean energy get? Will artificial intelligence speed up climate solutions? Where is the smart money going into climate technologies? Every week on Catalyst, Shayle explains the world of climate tech with prominent experts, investors, researchers, and executives. Produced by Latitude Media.
…
continue reading
WSJ’s Bold Names brings you conversations with the leaders of the bold-named companies featured in the pages of The Wall Street Journal. Hosts Tim Higgins and Christopher Mims speak to CEOs and business leaders in interviews that challenge conventional wisdom and take you inside the decisions being made in the C-suite and beyond.
…
continue reading
Player FM - Podcast-App
Gehen Sie mit der App Player FM offline!
Gehen Sie mit der App Player FM offline!
))
Ep. 11 – Account Takeover, Token Misuse, and Deserialization RCE: When Trust Goes Wrong
Manage episode 496330953 series 3643227
Inhalt bereitgestellt von Amin Malekpour. Alle Podcast-Inhalte, einschließlich Episoden, Grafiken und Podcast-Beschreibungen, werden direkt von Amin Malekpour oder seinem Podcast-Plattformpartner hochgeladen und bereitgestellt. Wenn Sie glauben, dass jemand Ihr urheberrechtlich geschütztes Werk ohne Ihre Erlaubnis nutzt, können Sie dem hier beschriebenen Verfahren folgen https://de.player.fm/legal.
One flawed password reset. One shared session token. One dangerous object.
In Episode 11 of Hacked & Secured: Pentest Exploits & Mitigations, we break down three real-world vulnerabilities where trust between systems and users broke down—with serious consequences.
- Account Takeover via Forgot Password – A predictable ID and exposed tokens let attackers reset passwords without access to email.
- Session Hijack in OTP Login – A logic flaw in how login tokens were handled allowed full account access with just a user ID.
- Remote Code Execution via Java Deserialization – A community-contributed finding where an exposed service deserialized untrusted input, leading to code execution.
These aren’t complex chains. They’re common mistakes with big impact—and important lessons for developers, security teams, and testers.
Chapters:
00:00 - INTRO
00:59 - FINDING #1 - Account Takeover via Forgot Password
06:26 - FINDING #2 - Shared Session Token in SMS Login Flow
10:39 - FINDING #3 - Java Deserialisation to Remote Code Execution
16:13 - OUTRO
Want your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!
🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram
📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A
📧 Feedback? Email Us → [email protected]
🔗 Podcast Website → Website Link
Kapitel
1. INTRO (00:00:00)
2. FINDING #1 - Account Takeover via Forgot Password (00:00:59)
3. FINDING #2 - Shared Session Token in SMS Login Flow (00:06:26)
4. FINDING #3 - Java Deserialisation to Remote Code Execution (00:10:39)
5. OUTRO (00:16:13)
13 Episoden
Teilen
Manage episode 496330953 series 3643227
Inhalt bereitgestellt von Amin Malekpour. Alle Podcast-Inhalte, einschließlich Episoden, Grafiken und Podcast-Beschreibungen, werden direkt von Amin Malekpour oder seinem Podcast-Plattformpartner hochgeladen und bereitgestellt. Wenn Sie glauben, dass jemand Ihr urheberrechtlich geschütztes Werk ohne Ihre Erlaubnis nutzt, können Sie dem hier beschriebenen Verfahren folgen https://de.player.fm/legal.
One flawed password reset. One shared session token. One dangerous object.
In Episode 11 of Hacked & Secured: Pentest Exploits & Mitigations, we break down three real-world vulnerabilities where trust between systems and users broke down—with serious consequences.
- Account Takeover via Forgot Password – A predictable ID and exposed tokens let attackers reset passwords without access to email.
- Session Hijack in OTP Login – A logic flaw in how login tokens were handled allowed full account access with just a user ID.
- Remote Code Execution via Java Deserialization – A community-contributed finding where an exposed service deserialized untrusted input, leading to code execution.
These aren’t complex chains. They’re common mistakes with big impact—and important lessons for developers, security teams, and testers.
Chapters:
00:00 - INTRO
00:59 - FINDING #1 - Account Takeover via Forgot Password
06:26 - FINDING #2 - Shared Session Token in SMS Login Flow
10:39 - FINDING #3 - Java Deserialisation to Remote Code Execution
16:13 - OUTRO
Want your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!
🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram
📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A
📧 Feedback? Email Us → [email protected]
🔗 Podcast Website → Website Link
Kapitel
1. INTRO (00:00:00)
2. FINDING #1 - Account Takeover via Forgot Password (00:00:59)
3. FINDING #2 - Shared Session Token in SMS Login Flow (00:06:26)
4. FINDING #3 - Java Deserialisation to Remote Code Execution (00:10:39)
5. OUTRO (00:16:13)
13 Episoden
Alle Folgen
×
Willkommen auf Player FM!
Player FM scannt gerade das Web nach Podcasts mit hoher Qualität, die du genießen kannst. Es ist die beste Podcast-App und funktioniert auf Android, iPhone und im Web. Melde dich an, um Abos geräteübergreifend zu synchronisieren.
Ähnelt Hacked & Secured: Pentest Exploits & Mitigations
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 17 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell, engineering leader with over 15 years of industry experience. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Email: [email protected]
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
How can business help solve society’s biggest challenges? Welcome to Take on Tomorrow, the award-winning podcast from PwC that examines the biggest problems facing society and the role business can—and should—play in solving them. Hosts Femi Oke and Lizzie O’Leary talk to industry innovators, tech trailblazers and visionary leaders from around the globe about timely topics: from the climate transition to AI and data; and from the future of food to how we build, move and power the world.
…
continue reading
Stay current on JavaScript, Node, and Front-End development. Learn from experts in programming, careers, and technology every week. Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
The American healthcare system is one of the most innovative in the world. But it’s also riddled with complex challenges, such as access to affordable medications, inefficiency and administrative burdens, and communication barriers between providers. There’s clearly a better way—and at Surescripts, we have a unique sightline into what that may be. In this series, host Melanie Marcus, Chief Marketing Officer of Surescripts, sits down with today’s most inspiring and innovative leaders in healt ...
…
continue reading
A podcast for developers interested in building great software products. Every episode, Adam Wathan is joined by a guest to talk about everything from product design and user experience to unit testing and system administration.
…
continue reading
Investor Shayle Kann is asking big questions about how to decarbonize the planet: How cheap can clean energy get? Will artificial intelligence speed up climate solutions? Where is the smart money going into climate technologies? Every week on Catalyst, Shayle explains the world of climate tech with prominent experts, investors, researchers, and executives. Produced by Latitude Media.
…
continue reading
WSJ’s Bold Names brings you conversations with the leaders of the bold-named companies featured in the pages of The Wall Street Journal. Hosts Tim Higgins and Christopher Mims speak to CEOs and business leaders in interviews that challenge conventional wisdom and take you inside the decisions being made in the C-suite and beyond.
…
continue reading
Player FM - Podcast-App
Gehen Sie mit der App Player FM offline!
Gehen Sie mit der App Player FM offline!
