More Related Content


Information Security Session (IDOR) - Null Meet Chennai

  1. IDOR Vignesh Chandrasekeran
  2. IDOR – Common Mistakes
  3. What to Verify ? 1. For direct references to restricted resources, the application needs to verify the user is authorized to access the exact resource they have requested. 2. If the reference is an indirect reference, the mapping to the direct reference must be limited to values authorized for the current user.
  4. Simple find !!! Huge data Leak !!!
  5. My Record
  6. Change ID , Job Done!!!
  7. Simple Remediation Ø Using per-session of per-user indirect references Ø Checking access rights for direct references
  8. Finally we are Done!!