Insecure Direct Object References

Did you know Cybrary has FREE video training? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.

Time: 30 minutes
Difficulty: Beginner

Rangeforce's Secure Coding Labs - Web Application Security Essentials - OWASP Top 10


Overview

Introduction

Rangeforce’s Secure Coding Lab “Insecure Direct Object References” - OWASP Top 10 is a premium lab that introduces students to Insecure Direct Object References attacks. It is intended for beginner-level students and takes approximately 30 minutes to complete. It is part of the career path for becoming a Vulnerability Assessment Analyst.

Lab setup

Rangeforce’s Secure Coding Lab “Insecure Direct Object References” - OWASP Top 10 is scenario-based. The student steps into the shoes of Davey, the young and talented but inexperienced website developer of the Angels & Scooters scooter club. Davey can deploy a website based on HTML, CSS, PHP and JavaScript and add features to it, but knows nothing about web application security. He recently updated the website with new features such as a login/register page, a competition page, and a picture upload feature. Unintentionally, he made the web application vulnerable to Insecure Direct Object References (also known as IDOR). The student's task is to find this vulnerability and take suitable countermeasures.

How to start

Click on the Launch button now to level yourself up and help Davey in Rangeforce’s Secure Coding Lab “Insecure Direct Object References” - OWASP Top 10.

What is an Insecure Direct Object Reference

Rangeforce’s Secure Coding Lab “Insecure Direct Object References” - OWASP Top 10 deals with an OWASP Top 10 vulnerability. Insecure Direct Object References is a vulnerability in web applications that allows an attacker to bypass authentication and access data such as files or database records directly.

How these skills can be useful in the real world

Rangeforce’s Secure Coding Lab “Insecure Direct Object References” - OWASP Top 10 teaches skills that can be used in modern bug bounty programs. Knowing about Insecure Direct Object References is crucial for every web developer who wants to avoid data breaches. The lab teaches students to apply the cybersecurity principle of confidentiality. The student will learn to prevent sensitive information from reaching the wrong people.

What you learn

In Rangeforce’s Secure Coding Lab “Insecure Direct Object References” - OWASP Top 10, the student learns:
• How to test a website for Insecure Direct Object References
• How to exploit Insecure Direct Object References
• What an attacker can do if he exploits an Insecure Direct Object References bug
• Examples of Insecure Direct Object References the student can encounter in the real world
• Examples of notable data breaches that were caused by Insecure Direct Object References
• Countermeasures to mitigate Insecure Direct Object References
• Hands-on knowledge in finding Insecure Direct Object References in a website based on HTML, CSS, PHP and JavaScript