insecure direct object reference
insecure direct object reference, dangerous direct reference
essence
a vulnerability in requests where the checking of
object identifiers is inadequate:
a reference to an internal object that permits
access without any access control
=
a type of access control issue that occurs when a web application developer uses only identifiers to directly point to page elements that should be subject to access control or require authorization
overviews
https://en.wikipedia.org/wiki/Insecure_direct_object_reference
https://www.invicti.com/learn/insecure-direct-object-references-idor/
https://www.benoist.ch/SoftSec/slides/insecureDirectObjectReference/slidesInsecureDirectObjectReference.pdf
https://securityboulevard.com/2020/02/insecure-direct-object-reference-idor-web-based-application-security-part-6/
https://www.owasp.org/index.php/Testing_for_Insecure_Direct_Object_References_(OTG-AUTHZ-004)
prevention
https://affinity-it-security.com/how-to-prevent-insecure-direct-object-references/
http://www.cs.tufts.edu/comp/116/archive/fall2014/hwang.pdf
https://www.owasp.org/index.php/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet
https://spanning.com/blog/insecure-direct-object-reference-web-based-application-security-part-6/
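Added illustration, not part of the glossary entry or of any linked source: a lookup that trusts the request's identifier (the flaw defined above) beside two of the defences the prevention links describe, a per-object ownership check and per-user indirect references. The document store, user names and ids are constructed for the example.

```python
"""Constructed example of an insecure direct object reference and two fixes."""
import secrets

# Constructed store: internal primary key -> record with an owner field.
DOCUMENTS = {
    101: {"owner": "alice", "body": "alice's tax return"},
    102: {"owner": "bob", "body": "bob's medical file"},
}


class Forbidden(Exception):
    """Raised when the caller may not read the requested object."""


def fetch_insecure(user: str, doc_id: int) -> str:
    """Vulnerable: the id taken from the request is used directly and the
    caller's identity is never compared with the record's owner."""
    return DOCUMENTS[doc_id]["body"]


def fetch_checked(user: str, doc_id: int) -> str:
    """Fixed: authorization is enforced on every object lookup."""
    record = DOCUMENTS.get(doc_id)
    if record is None or record["owner"] != user:
        # Same error for "missing" and "not yours", so ids are not enumerable.
        raise Forbidden(f"{user} may not read document {doc_id}")
    return record["body"]


class IndirectReferenceMap:
    """Per-user map from random tokens to internal ids. The client only ever
    sees tokens issued to it, so an edited or guessed id never reaches the
    store; the ownership check still runs as defence in depth."""

    def __init__(self, user: str):
        self.user = user
        self.token_to_id = {}
        for doc_id, record in DOCUMENTS.items():
            if record["owner"] == user:
                self.token_to_id[secrets.token_urlsafe(16)] = doc_id

    def tokens(self) -> list:
        return list(self.token_to_id)

    def fetch(self, token: str) -> str:
        doc_id = self.token_to_id.get(token)
        if doc_id is None:
            raise Forbidden(f"unknown reference for {self.user}")
        return fetch_checked(self.user, doc_id)
```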