US and Australian Government Agencies Urge Check Web App Access Permissions

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), the US Cybersecurity and Infrastructure Security Agency (CISA), and the US National Security Agency (NSA) have published a joint cybersecurity advisory, Preventing Web Application Access Control Abuse. The document is designed “to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object reference (IDOR) vulnerabilities.”

More information on testing for IDOR is available in the OWASP Web Security Testing Guide: https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/04-Testing_for_Insecure_Direct_Object_References