Web Application Security by Vincent Liu, Bryan Sullivan

Insecure Direct Object References

We’ve spent a lot of time discussing SQL injection so far, and for good reason, given how widespread these vulnerabilities are and how damaging they can be when they’re exploited. But SQL injection is by no means the only form of remote attack against SQL databases. In this section, we’ll take a look at a completely different vulnerability known as the insecure direct object reference.

No Technical Knowledge Required

The term insecure direct object reference is the way OWASP describes a particular type of authorization flaw that leads to data compromise. To explain this vulnerability, let’s give our sales team management example application that we’ve been using a little more functionality, and have it keep records ...
