insecure direct object reference
ebaturvaline objekti otseviide, ohtlik otseviide

olemus
turvaauk päringutes, milles
objektiidentifikaatorite kontroll on puudulik:
viide siseobjektile, mis võimaldab
pääsu reguleerimiseta pöördust
=
a type of access control issue that occur when a web application developer uses only identifiers to directly point to page elements that should be subject to access control or require authorization


ülevaateid
https://en.wikipedia.org/wiki/Insecure_direct_object_reference

https://www.invicti.com/learn/insecure-direct-object-references-idor/

https://www.benoist.ch/SoftSec/slides/insecureDirectObjectReference/slidesInsecureDirectObjectReference.pdf

https://securityboulevard.com/2020/02/insecure-direct-object-reference-idor-web-based-application-security-part-6/

https://www.owasp.org/index.php/Testing_for_Insecure_Direct_Object_References_(OTG-AUTHZ-004)

tõrje
https://affinity-it-security.com/how-to-prevent-insecure-direct-object-references/

http://www.cs.tufts.edu/comp/116/archive/fall2014/hwang.pdf

https://www.owasp.org/index.php/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet

https://spanning.com/blog/insecure-direct-object-reference-web-based-application-security-part-6/

Toimub laadimine

insecure direct object reference
ebaturvaline objekti otseviide, ohtlik otseviide

olemus
turvaauk päringutes, milles
objektiidentifikaatorite kontroll on puudulik:
viide siseobjektile, mis võimaldab
pääsu reguleerimiseta pöördust
=
a type of access control issue that occur when a web application developer uses only identifiers to directly point to page elements that should be subject to access control or require authorization


ülevaateid
https://en.wikipedia.org/wiki/Insecure_direct_object_reference

https://www.invicti.com/learn/insecure-direct-object-references-idor/

https://www.benoist.ch/SoftSec/slides/insecureDirectObjectReference/slidesInsecureDirectObjectReference.pdf

https://securityboulevard.com/2020/02/insecure-direct-object-reference-idor-web-based-application-security-part-6/

https://www.owasp.org/index.php/Testing_for_Insecure_Direct_Object_References_(OTG-AUTHZ-004)

tõrje
https://affinity-it-security.com/how-to-prevent-insecure-direct-object-references/

http://www.cs.tufts.edu/comp/116/archive/fall2014/hwang.pdf

https://www.owasp.org/index.php/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet

https://spanning.com/blog/insecure-direct-object-reference-web-based-application-security-part-6/

Palun oodake...

Tõrge

insecure direct object reference
ebaturvaline objekti otseviide, ohtlik otseviide

olemus
turvaauk päringutes, milles
objektiidentifikaatorite kontroll on puudulik:
viide siseobjektile, mis võimaldab
pääsu reguleerimiseta pöördust
=
a type of access control issue that occur when a web application developer uses only identifiers to directly point to page elements that should be subject to access control or require authorization


ülevaateid
https://en.wikipedia.org/wiki/Insecure_direct_object_reference

https://www.invicti.com/learn/insecure-direct-object-references-idor/

https://www.benoist.ch/SoftSec/slides/insecureDirectObjectReference/slidesInsecureDirectObjectReference.pdf

https://securityboulevard.com/2020/02/insecure-direct-object-reference-idor-web-based-application-security-part-6/

https://www.owasp.org/index.php/Testing_for_Insecure_Direct_Object_References_(OTG-AUTHZ-004)

tõrje
https://affinity-it-security.com/how-to-prevent-insecure-direct-object-references/

http://www.cs.tufts.edu/comp/116/archive/fall2014/hwang.pdf

https://www.owasp.org/index.php/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet

https://spanning.com/blog/insecure-direct-object-reference-web-based-application-security-part-6/

Andmete allalaadimisel või töötlemisel esines tehniline tõrge.
Vabandame!