Remediation of IDOR Vulnerability
- Developers should avoid exposing private object references such as database keys or file names.
- Parameter validation should be properly implemented.
- Every referenced object should be verified before it is returned.
- Tokens should be generated so that they map only to the owning user and are never made public.
- Use random identifiers so that they are harder for attackers to guess.
- User input validation should be properly implemented.
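The following added example (not part of the original article) shows the remediation points in plain Python: a vulnerable lookup that trusts any reference it receives, beside a hardened lookup that validates the parameter and verifies the referenced object belongs to the authenticated user, with objects stored under random references instead of sequential keys. The in-memory store, usernames and function names are constructed for the example.

```python
import secrets

# Constructed in-memory store. Keys are opaque random references rather than
# sequential database ids or file names, so they cannot be enumerated.
DOCUMENTS = {}   # doc_ref -> {"owner": username, "body": text}
USER_DOCS = {}   # username -> set of doc_refs that user owns


class AccessDenied(Exception):
    """Raised when the caller references an object it is not allowed to see."""


def create_document(owner, body):
    """Store a document under an unguessable reference mapped to its owner."""
    doc_ref = secrets.token_urlsafe(16)          # 128 bits of randomness
    DOCUMENTS[doc_ref] = {"owner": owner, "body": body}
    USER_DOCS.setdefault(owner, set()).add(doc_ref)
    return doc_ref


def list_documents(current_user):
    """A user only ever sees references to their own objects."""
    return sorted(USER_DOCS.get(current_user, set()))


def get_document_vulnerable(doc_ref):
    """IDOR: whoever supplies a valid reference gets the object, no ownership check."""
    return DOCUMENTS[doc_ref]["body"]


def get_document_secure(current_user, doc_ref):
    """Remediated: validate the parameter, then verify that the referenced
    object belongs to the authenticated user before returning it."""
    if not isinstance(doc_ref, str) or not doc_ref.isascii() or len(doc_ref) > 64:
        raise ValueError("malformed document reference")
    doc = DOCUMENTS.get(doc_ref)
    # Same error for "missing" and "not yours" so existence is not leaked.
    if doc is None or doc["owner"] != current_user:
        raise AccessDenied("document not found")
    return doc["body"]
```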
Insecure Direct Object Reference (IDOR) Vulnerability
Prerequisites: Burp Suite
One of the most critical vulnerabilities listed in the OWASP Top 10 is Insecure Direct Object Reference (IDOR). In this article, we will discuss the IDOR vulnerability. Before moving ahead, let us first discuss authentication. Authentication means verifying the identity of a person and allowing that person to perform specific requests only if they are authenticated (verified). But if a user who is not authenticated is still able to view files, i.e. open them the wrong way, as hackers/attackers do, that is called Broken Authentication. This article will focus on the way an attacker uses Broken Authentication vulnerabilities that may lead to IDOR.