The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), US Cybersecurity and Infrastructure Security Agency (CISA), and US National Security Agency (NSA) have published a joint cybersecurity advisory, Preventing Web Application Access Control Abuse. The document is designed “to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object reference (IDOR) vulnerabilities.” More information: https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/04-Testing_for_Insecure_Direct_Object_References
US and Australian Government Agencies Urge Check Web App Access Permissions
- Post author: System
- Post published: 2 August 2023