M4.8: Discussion: Insecure Direct Object Reference
Two parts: the first is the instruction below, which has to be posted first in order to provide the second part, which is three student post responses.
Introduction
Insecure Direct Object Reference (IDOR) occurs when an application takes input from the user and uses it to retrieve an internal object, such as a file or database key, without performing a sufficient authorization check. In these cases, the attacker can change the reference to get access to unauthorized data. In this activity, we will explore more about IDOR vulnerabilities.
Instructions
Before you begin, please read the following:
Enciphers. Insecure Direct Object Reference – a modern age SQLI https://enciphers.com/insecure-direct-object-reference-a-modern-age-sqli/
GeeksforGeeks. Insecure Direct Object Reference (IDOR) Vulnerability https://www.geeksforgeeks.org/insecure-direct-object-reference-idor-vulnerability/
Next, consider a banking application where a unique ID identifies every customer. As we know, HTTP is a stateless protocol, so developers commonly use URL parameters to pass information between web pages. However, a hacker can manipulate this information to access unauthorized content and resources. For example, the hacker changes the URL www.bank.com/custid=145 to www.bank.com/custid=156 to access the information of another bank customer. If the request is vulnerable to Insecure Direct Object References (IDOR), you will be able to see the transaction details for the user whose custid=156.
Now, based on your readings and the case above, discuss the following with your peers:
How can IDOR vulnerabilities be detected?
How can IDOR vulnerabilities be prevented?
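The banking case and the two questions above, as an added example that is not part of the original assignment or its readings: a lookup keyed only on custid, the same lookup with an ownership check, and a cross-account test that tells the two apart. The account data, user names and function names are constructed for illustration.

```python
# Constructed sample data: custid -> owning login and transaction list.
ACCOUNTS = {
    145: {"owner": "alice", "transactions": ["+1200.00 salary", "-40.00 grocery"]},
    156: {"owner": "bob", "transactions": ["-910.00 rent"]},
}


class Forbidden(Exception):
    """Raised when the session user may not read the requested object."""


def get_transactions_vulnerable(session_user, custid):
    # IDOR: the client-supplied custid is the only lookup key;
    # session_user is never consulted.
    return ACCOUNTS[custid]["transactions"]


def get_transactions_checked(session_user, custid):
    # Prevention: authorize each object access against the server-side session.
    # Unknown and foreign ids fail the same way, so valid ids are not revealed.
    account = ACCOUNTS.get(custid)
    if account is None or account["owner"] != session_user:
        raise Forbidden(custid)
    return account["transactions"]


def find_idor_candidates(handler, users):
    """Detection: with each user's session, request every custid that user
    does not own and report the (user, custid) pairs that return data."""
    findings = []
    for user in users:
        for custid, account in ACCOUNTS.items():
            if account["owner"] == user:
                continue  # own record, access is expected
            try:
                handler(user, custid)
            except Forbidden:
                continue  # correctly denied
            findings.append((user, custid))
    return findings


if __name__ == "__main__":
    users = ["alice", "bob"]
    print("vulnerable:", find_idor_candidates(get_transactions_vulnerable, users))
    print("checked:   ", find_idor_candidates(get_transactions_checked, users))
```

The same cross-account matrix can be kept as a regression test so that a handler added later without an ownership check is caught before release.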