AdvisoriesCISAAA23-208AJuly 27, 2023
July 27, 2023
The joint Cybersecurity Advisory by the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) aims to warn web application vendors and organizations about insecure direct object reference (IDOR) vulnerabilities. IDOR vulnerabilities, which result from inadequate authentication and authorization checks, allow malicious actors to modify, delete, or access sensitive data by manipulating website or API requests. These vulnerabilities are frequently exploited in data breaches, compromising millions of users' personal, financial, and health information. The advisory encourages implementing secure-by-design principles, using automated tools for code review, and using indirect reference maps to protect against IDOR flaws.
July 27, 2023
Authorization vulnerabilities, such as IDOR, are often discovered through a process known as fuzzing. Fuzzing is a security testing technique that involves automated input of various unexpected data to identify weaknesses in a web application's input validation and processing mechanisms. Because fuzzing is used to identify vulnerable applications, endpoint defenses should aim to detect it occurring both locally and remotely. If a fuzzing process is started on the same host as an EDR, the defense should stop the process immediately. This commonly occurs when an adversary (or insider threat) is running their attack from inside your network. If the fuzzing process is started from outside the perimeter, the EDR will need to detect it through the increase in network traffic. Fuzzing generates a large volume of connections against the server - often to the tune of tens of thousands in just a few seconds. While the firewall should also protect against a fuzzing attack, an EDR should act as the last-line of defense.
Be immediately notified of new advisories and associated security tests
AdvisoryCISAAA24-207AJuly 25, 2024
