From the course: Developing Secure Software (2015)
Insecure direct object references
- A direct object reference can happen when a software developer exposes a link to system resources, such as a file or directory. Without proper access control, it is possible for an unauthorized user to have access to unintended resources. For example, this type of programming oversight commonly occurs in web applications. Let's say that Mallory is expected to only access her own credit report. But she simply replaces her ID parameter value in the URL with Bob's. Now she has access to Bob's credit report. The coding mistake in this scenario is that, without proper access control, the programmer exposed a direct reference, in the form of an ID parameter, to system resources, that is, credit reports. What is at risk here is the data or information that could be sensitive and should be protected. The bottom line here is that uncontrolled direct access to system resources is bound to result in data or information leakage. Therefore, software developers should do their best to disallow this type of…
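The credit-report scenario from the transcript, as an added example that is not part of the course material: the same lookup written once as the insecure direct object reference and once with an ownership check scoped to the logged-in user. The report store, user names and IDs are constructed for illustration.

```python
# Added example (not from the course): the credit-report lookup from the
# transcript, first as the insecure direct object reference, then with an
# ownership check. Names, IDs and the in-memory store are constructed.

# Constructed data: report ids are sequential, which is what lets Mallory
# guess Bob's by changing the "id" parameter in the URL.
CREDIT_REPORTS = {
    1001: {"owner": "mallory", "score": 640},
    1002: {"owner": "bob", "score": 790},
}


class NotFound(Exception):
    """Raised when the caller may not see the report (or it does not exist)."""


def get_report_insecure(session_user: str, report_id: int) -> dict:
    """Vulnerable: the id taken from the request is used directly as the
    lookup key, so any authenticated user can read any report."""
    try:
        return CREDIT_REPORTS[report_id]
    except KeyError:
        raise NotFound() from None


def get_report_secure(session_user: str, report_id: int) -> dict:
    """Hardened: the lookup is scoped to the logged-in user's own rows.
    The same NotFound is raised whether the report is missing or belongs to
    someone else, so the response does not confirm that another id exists."""
    report = CREDIT_REPORTS.get(report_id)
    if report is None or report["owner"] != session_user:
        raise NotFound()
    return report


def handle_request(handler, session_user: str, query: dict) -> tuple:
    """Minimal stand-in for a web handler: parses ?id=... from the query
    string and returns (status, body) the way a framework would."""
    try:
        report_id = int(query.get("id", ""))
    except ValueError:
        return 400, {"error": "bad id"}
    try:
        return 200, handler(session_user, report_id)
    except NotFound:
        return 404, {"error": "not found"}


if __name__ == "__main__":
    # Mallory, logged in as herself, rewrites the id in the URL to Bob's.
    print(handle_request(get_report_insecure, "mallory", {"id": "1002"}))  # 200, Bob's report leaks
    print(handle_request(get_report_secure, "mallory", {"id": "1002"}))    # 404
```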
Contents
- Setting the stage (34s)
- Buffer overflow attacks (1m 41s)
- Buffer overflow countermeasures (1m 44s)
- Broken authentication and session management (1m 7s)
- Broken authentication and session management countermeasures (2m 1s)
- Insecure direct object references (1m 24s)
- Insecure direct object references countermeasures (52s)
- Sensitive information exposure (1m 6s)
- Sensitive data exposure countermeasures (1m 37s)
- Other secure coding best practices (2m 22s)