From the course: Developing Secure Software (2015)
Insecure direct object references countermeasures
The best way to minimize the possibility of introducing a direct object reference vulnerability is to test your source code. Luckily, spotting this type of vulnerability is relatively easy. A routine code review should be able to detect most vulnerabilities of this type. When doing the code review, pay attention to all object references and check whether the reference mechanisms go through a proper access control step that restricts access to authorized users only. Automated tools may have a difficult time detecting direct object reference vulnerabilities, mainly because of their inability to tell what is allowed and what is not. Therefore, manual inspection is a must in this case.
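What a reviewer looks for, shown as an added example that is not part of the course material: a lookup that uses the caller-supplied reference directly, beside one that passes through an access control step. The `INVOICES` store, the function names and the `review` helper are hypothetical and constructed for illustration.

```python
# Constructed sample data: invoice id -> record with an owner.
INVOICES = {
    101: {"owner": "alice", "amount": 120},
    102: {"owner": "bob", "amount": 75},
}


class AccessDenied(Exception):
    """Raised when the caller may not read the requested object."""


def get_invoice_unchecked(user, invoice_id):
    # Review finding: the caller-supplied id is used as a direct key and
    # 'user' is never consulted, so any user can read any invoice.
    return INVOICES[invoice_id]


def get_invoice_checked(user, invoice_id):
    # The reference goes through an access control step before data is returned.
    invoice = INVOICES.get(invoice_id)
    # Same error for "missing" and "not yours", so the response does not
    # reveal which ids exist.
    if invoice is None or invoice["owner"] != user:
        raise AccessDenied(f"{user} may not read invoice {invoice_id}")
    return invoice


def review(handler, user="alice"):
    """Return the ids the handler lets `user` read that belong to someone else."""
    leaked = []
    for invoice_id in INVOICES:
        try:
            result = handler(user, invoice_id)
        except AccessDenied:
            continue
        if result["owner"] != user:
            leaked.append(invoice_id)
    return leaked


if __name__ == "__main__":
    print("unchecked handler leaks:", review(get_invoice_unchecked))
    print("checked handler leaks:", review(get_invoice_checked))
```

The `review` helper encodes who owns what, which is the knowledge the paragraph says automated tools lack; it can be kept as a regression check once the manual review has established the rule.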