BSides Toronto 2021

Account Takeover via Exploiting Misconfigured Password Reset Feature
11-06, 10:00–10:45 (Canada/Eastern), Twitch

Implementing a password reset function is a challenging task for every developer. There is no well-defined standard for implementing secure password reset functionality in an application, which is why every application does it differently: sending unique URLs, generating a temporary password, security questions, OTPs, and so on.

Every developer has a different approach to implementing such a feature, so each time the hacker has to think of a new way in. In this talk, I'll briefly cover some methodologies for achieving account takeover by exploiting misconfigured password reset functionality.

Cyber Security Researcher
Bug Bounty Hunter
Penetration Tester
Infosec Trainer
CISO at Damn Secure Pentesting Hub
Freelancer
Speaker
Blogger