Get an overview of Insecure Direct Object Reference (IDOR), a security issue where an application exposes a resource to the public without confirming that the requesting user has valid privileges before granting access.
- [Instructor] Let's take a moment to talk about a security issue in our application's public context. It has a name: insecure direct object reference. It's also called IDOR for short. Insecure direct object reference is when code fails to verify the user's authorization before giving access to a restricted resource. Put another way, there exists a direct reference to an object which is insecure. Basically, you're viewing something you should not be able to see.

This has been ranked as the number four security threat by OWASP, the Open Web Application Security Project. So it's a big deal, and it's very common. It could mean that you simply failed to check that a user's logged in before you give them access to a page that should be password protected. But it doesn't have to be that. Let me give you an example. Let's say that we have a URL that is the receipt we get at the end of our transactions on an online store. Right, so I have our receipt id SS48923. So then we have PHP code that's going to take that URL, it's going to look at that id, …
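The receipt lookup the instructor describes, written out as an added example (this is not the course's own code). It assumes a hypothetical in-memory receipt store standing in for the database table, a hypothetical `$currentUserId` taken from the session, and the receipt id SS48923 from the lesson. The vulnerable function returns whatever receipt the id in the URL names; the hardened one refuses unless the caller is logged in and owns the record, and returns the same "not found" result for a missing id and for someone else's id so the endpoint does not become an enumeration oracle.

```php
<?php
// Added example, not the course's code: an IDOR in a receipt page, side by side
// with the authorization check that closes it.
declare(strict_types=1);

// Constructed sample data standing in for a receipts table (hypothetical).
$receipts = [
    'SS48923' => ['user_id' => 7,  'total' => '42.00'],
    'SS48924' => ['user_id' => 12, 'total' => '99.50'],
];

// VULNERABLE: trusts the id from the URL and never asks who is requesting it.
// Anyone who knows or guesses an id (SS48924, SS48925, ...) reads that receipt.
function findReceiptVulnerable(array $receipts, string $id): ?array
{
    return $receipts[$id] ?? null;
}

// HARDENED: require an authenticated user and check ownership before returning.
// With a real database this is the same as scoping the query:
//   SELECT ... FROM receipts WHERE id = ? AND user_id = ?
function findReceiptForUser(array $receipts, string $id, ?int $currentUserId): ?array
{
    if ($currentUserId === null) {
        return null;                                  // not logged in
    }
    $receipt = $receipts[$id] ?? null;
    if ($receipt === null || $receipt['user_id'] !== $currentUserId) {
        return null;                                  // missing or not yours: identical response
    }
    return $receipt;
}

// Usage: the receipt URL carries the id, e.g. /receipt.php?id=SS48924 (hypothetical route).
$requestedId   = $_GET['id'] ?? 'SS48924';
$currentUserId = 7;   // hypothetical: would come from $_SESSION after login

// User 7 asking for user 12's receipt.
var_dump(findReceiptVulnerable($receipts, $requestedId) !== null);              // bool(true): leaked
var_dump(findReceiptForUser($receipts, $requestedId, $currentUserId) !== null); // bool(false): denied

// User 7 asking for their own receipt still works.
var_dump(findReceiptForUser($receipts, 'SS48923', $currentUserId) !== null);    // bool(true)

// A logged-out visitor gets nothing, even for a valid id.
var_dump(findReceiptForUser($receipts, 'SS48923', null) !== null);              // bool(false)
```

The ownership check belongs next to the data access rather than only on a login gate: a logged-in user is still the wrong user for every receipt but their own, which is the case the instructor says is easy to overlook.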
- Creating a content management system
- Building dynamic content navigation
- Using context and function options for conditional behavior
- Hiding content from the public view
- Insecure direct object reference
- Allowing HTML in dynamic content
- Previewing content in the public context
- Working with cookies and sessions
- Storing status messages in the session
- Secure user authentication (login/logout)
- Regulating page access
- Nesting related resources
- Managing an ordered list automatically
Skill Level Beginner
1. Create a Content Management System
2. Build Dynamic Content Navigation
3. Use Context and Options
4. Cookies and Sessions
5. Regulate Page Access
6. Nesting Related Resources