insecure direct object references
"Insecure direct object references are vulnerabilities in which an application exposes sensitive information or functionality through direct references to internal objects, allowing unauthorized users to manipulate or access them."
Related Concepts (19)
- access control vulnerabilities
- account hijacking
- cross-site request forgery (csrf)
- cross-site scripting (xss) attacks
- data leakage
- data manipulation
- exploitable business logic vulnerabilities
- inadequate authorization checks
- inadequate secure coding practices
- information disclosure
- privilege escalation
- remote code execution
- session management vulnerabilities
- unauthorized access
- unauthorized data disclosure
- unvalidated direct object references
- user impersonation
- web application exploitation
- web vulnerabilities
Similar Concepts
- dangling pointers
- implicit references
- indirect recursion
- insecure attachment
- insecure coding practices
- insecure cryptographic storage
- insecure deserialization
- insecure file handling
- insecure file permissions
- insecure inter-process communication
- insecure memory access
- insecure temporary file creation
- insecure token storage
- insecurity
- inter-object security relations