Insecure Direct Object References - A Security Hole

What is strange?

This security hole is "strange" in that it sits in the OWASP top 4, yet there is very little documentation about it. It is not as well known as XSS, CSRF, or SQL Injection (although its OWASP rank is much higher than that of XSS or CSRF).

How to take advantage of the vulnerability

Quite by chance, I discovered this error while helping my younger brother test a sales web project.

Prevention

Some additional sources for reference:

Beribey

Always be nice to anybody who has access to my toothbrush.