Insecure Direct Object References: A Security Hole

A “strange” security hole with a long and difficult-to-read name.


What is strange?

This security hole is “strange” in that it is in the OWASP top 4, yet there is very little documentation about it. It is not as well known as XSS, CSRF, or SQL injection (although its OWASP rank is much higher than that of XSS or CSRF).