Authenticated testing on Starbucks' public bug bounty program on HackerOne, searching for IDORs and access control violations.

00:00 - IDOR vs Access Control Violation
07:29 - Choosing a Program
09:55 - Taking Notes is Mandatory
12:06 - Registering Accounts
18:59 - Locating Attack Vectors in Cookies
25:31 - Identifying Important Cookies
26:45 - How to Use Pointers
28:30 - Testing for IDORs in JWTs
39:14 - Identifying Mechanisms
46:40 - Avoiding False Positives
57:11 - Identifying Objects
1:00:14 - Testing for IDORs in APIs
1:10:30 - Grouping Mechanisms By Client ID Process
1:23:01 - Best-Case Scenario for IDORs











