Testing for Insecure Direct Object References
OWASP Web Security Testing Guide 4.2 > 5. Authorization Testing > 5.4. Testing for Insecure Direct Object References
ID | Link to Hackinglife | Link to OWASP | Description |
---|---|---|---|
5.4 | WSTG-ATHZ-04 | Testing for Insecure Direct Object References | - Identify points where object references may occur. - Assess the access control measures and whether they are vulnerable to IDOR. For example: force a change of the parameter value (?invoice=123 -> ?invoice=456). |
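
The `?invoice=123 -> ?invoice=456` check above can be kept as an authorization regression test. This is an added example, not code from the page or from OWASP: the handler names, the `Forbidden` exception and the invoice records are hypothetical and constructed for illustration.

```python
# Constructed sample data (not from the page): invoice id -> record.
INVOICES = {
    123: {"owner": "alice", "total": 40},
    456: {"owner": "bob", "total": 99},
}


class Forbidden(Exception):
    """Raised when the session user is not authorized for the object."""


def get_invoice_vulnerable(session_user, invoice_id):
    # IDOR: the id taken from ?invoice=... is used as-is and the
    # session user is never compared with the record's owner.
    return INVOICES[invoice_id]


def get_invoice_checked(session_user, invoice_id):
    # Object-level authorization: the record must belong to the caller.
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice["owner"] != session_user:
        # Same error for "missing" and "not yours", so the response
        # does not reveal which ids exist.
        raise Forbidden(invoice_id)
    return invoice


def idor_findings(handler, user, own_id, candidate_ids):
    """Return the ids other than own_id that `handler` serves to `user`."""
    handler(user, own_id)  # baseline: the user's own object must load
    exposed = []
    for candidate in candidate_ids:
        if candidate == own_id:
            continue
        try:
            handler(user, candidate)
        except (Forbidden, KeyError):
            continue  # denied or nonexistent: not a finding
        exposed.append(candidate)
    return exposed


if __name__ == "__main__":
    for handler in (get_invoice_vulnerable, get_invoice_checked):
        found = idor_findings(handler, "alice", 123, [123, 456, 789])
        print(handler.__name__, "exposes", found)
```

An empty result from `idor_findings` is the pass condition; any id in the list is an object served without an ownership check.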