Web Application Security, A Beginner's Guide

by Bryan Sullivan, Vincent Liu
December 2011
Beginner
384 pages
9h 38m
English
McGraw-Hill
Content preview from Web Application Security, A Beginner's Guide

Insecure Direct Object References

We’ve spent a lot of time discussing SQL injection so far, and for good reason, given how widespread these vulnerabilities are and how damaging they can be when they’re exploited. But SQL injection is by no means the only form of remote attack against SQL databases. In this section, we’ll take a look at a completely different vulnerability known as the insecure direct object reference.

No Technical Knowledge Required

The term insecure direct object reference is the way OWASP describes a particular type of authorization flaw that leads to data compromise. To explain this vulnerability, let’s give our sales team management example application that we’ve been using a little more functionality, and have it keep records ...

Publisher Resources

ISBN: 9780071776165