What threat are you vulnerable to if you do not validate - ProProfs Discuss

What threat are you vulnerable to if you do not validate authorization of user for direct references to restricted resources?

This question is part of OWASP TOP 10
Asked by R, Last updated: Nov 25, 2020


7 Answers

K. Gibson, Corporate employee, MA, Gloucester

Answered Sep 24, 2020

When you refuse to validate the authorization of the user for direct references to restricted resources, you are vulnerable to insecure direct object references. Insecure Direct Object References, which is abbreviated as IDOR, refer to a kind of access control vulnerability that comes up when an application makes use of user-supplied input to directly access objects.

The appearance of insecure direct object references in the OWASP 2017 top ten is the platform on which it gains its popularity. It is usually found in mobile applications or web applications. This vulnerability works in such a way that an authorized user can extract or obtain the information that pertains to other users.

This vulnerability can be present in relatively any kind of software application. APIs keep getting personal information about users, and this makes IDOR become an issue on an increasingly important level in applications security.

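An added example, not part of any answer on this page, showing the condition K. Gibson describes: a lookup that takes the object id straight from the request beside two hardened forms, an ownership check bound to the object and a per-user indirect reference map. The record store, user names and ids are constructed for the illustration.

```python
from urllib.parse import parse_qs

# Constructed sample store (not from the page): record id -> owner and content.
RECORDS = {
    101: {"owner": "alice", "note": "invoice for alice"},
    102: {"owner": "bob", "note": "invoice for bob"},
}

class AccessDenied(Exception):
    """Raised when the caller may not see the referenced object."""

def record_id_from_query(query_string: str) -> int:
    """Extract the user-supplied reference from a query string such as 'id=101'."""
    values = parse_qs(query_string).get("id", [])
    if len(values) != 1 or not values[0].isdigit():
        raise ValueError("missing or malformed id")
    return int(values[0])

def get_record_vulnerable(current_user: str, query_string: str) -> dict:
    """IDOR: the id from the request selects the object directly and
    current_user is never consulted, so any logged-in user can read
    any record just by changing the id."""
    return RECORDS[record_id_from_query(query_string)]

def get_record_secure(current_user: str, query_string: str) -> dict:
    """Authorization bound to the object: the record must belong to the caller.
    Missing and foreign records raise the same error, so the id space cannot
    be mapped out through differing responses."""
    record = RECORDS.get(record_id_from_query(query_string))
    if record is None or record["owner"] != current_user:
        raise AccessDenied("no such record for this user")
    return record

def indirect_reference_map(current_user: str) -> dict:
    """Alternative mitigation: give each user its own short references (0, 1, ...)
    instead of database ids, so records of other users are not addressable."""
    owned = sorted(rid for rid, rec in RECORDS.items() if rec["owner"] == current_user)
    return {str(i): rid for i, rid in enumerate(owned)}

def get_record_indirect(current_user: str, query_string: str) -> dict:
    """Resolve an indirect reference ('ref=0') through the caller's own map."""
    ref = parse_qs(query_string).get("ref", [None])[0]
    rid = indirect_reference_map(current_user).get(ref)
    if rid is None:
        raise AccessDenied("unknown reference")
    return RECORDS[rid]
```

The vulnerable function returns bob's record to alice; both hardened forms deny the same request without revealing whether record 102 exists.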

S. Barnes, Chauffeur, Graduate, Seattle

Answered Sep 09, 2020

Insecure Direct Object References is the correct answer to this question. Insecure Direct Object References occur when applications give a direct route to access objects. The access that the applications give can be based on the input by the user.

Through this, attackers are able to get through the access resources and authorization in the system. These resources could be a number of things, including records or files. It could also be the values of parameters that have been modified. There are many ways to test the vulnerability, such as mapping out the locations where the user input was put to use.


K. Myers, Blogger, Chicago

Answered Mar 18, 2020

The answer to this is insecure direct object references. This is one of the main issues that may occur when some of the bases are not properly covered. For example, there are some links that are a bit open-ended or are not properly protected. There is always a possibility that there are some people who will try to find the IDOR. For example, there may be some details about a customer that are not properly closed off. There are some hackers that may use a certain customer in order to gain more information about the other customers of the website. There is a need for businesses to become extra vigilant about this.

E. James

Answered Mar 12, 2020

Insecure Direct Object References are also known as IDOR. This is a type of access control vulnerability that usually comes up when not all of the bases are covered. For example, there might be times when the information about the customer will be one of the things that will be available in the record index.

If the URL is viewed by attackers, it would be easy to make some changes to the record index. The data of the customer may be retrieved, or the records of other customers may also be viewed so that the attacker can find a more suitable target. This can definitely become a problem in the long run.


C. Perez, Writer, Cleveland

Answered Aug 01, 2019

The correct answer to this question is Insecure Direct Object References. These references happen when an application gives direct access to objects. The access is based on an input supplied by a user. This makes attackers get through authorization and access resources in the system.

The resources could be records or files. It can also include the modification values of parameters. There are ways to test the vulnerability, including mapping out locations where the user input was used. Insecure Direct Object References can come in many forms, including attack mechanics, where the URLs are manipulated through a request. They can manipulate the URL and parameter.


Robert Hazlewood, Senior Executive, MBA, Louisville

Answered Feb 26, 2019

When an application offers direct access to objects due to input provided by the user, this is called an Insecure Direct Object Reference. If a user's authorization is not validated, an attacker can access the system and directly access resources such as files, directories, or database records, making the system vulnerable to being hacked and important data stolen.

Unfortunately, according to the Open Web Application Security Project (OWASP), an insecure direct object references vulnerability is more commonplace than many people would think, making this vulnerability easy to exploit in many systems.


daringanandh

Answered Feb 13, 2018

Insecure Direct Object References