July 27, 2023

Web Application Access Control Abuse

What we know so far

The joint Cybersecurity Advisory by the Australian Signals Directorate's Australian Cyber Security Centre (ACSC), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) aims to warn web application vendors and organizations about insecure direct object reference (IDOR) vulnerabilities. IDOR vulnerabilities, which result from inadequate authentication and authorization checks, allow malicious actors to modify, delete, or access sensitive data by manipulating website or API requests. These vulnerabilities are frequently exploited in data breaches, compromising millions of users' personal, financial, and health information. The advisory encourages implementing secure-by-design principles, using automated tools for code review, and using indirect reference maps to protect against IDOR flaws.
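The following is an added illustration, not code from the advisory or from any product it describes. It shows the defect the advisory names (a handler that trusts an object identifier from the request), the object-level authorization check that closes it, and a per-session indirect reference map of the kind the advisory recommends. The invoice records, user names and function names are constructed for the demo; no web framework is used so the logic runs stand-alone.

```python
"""Added example: an IDOR-prone lookup, its hardened form with an ownership check,
and a per-session indirect reference map. All data below is constructed."""
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner: str
    amount_cents: int


# Constructed sample records (hypothetical, not from the advisory).
INVOICES: Dict[int, Invoice] = {
    1001: Invoice(1001, "alice", 4200),
    1002: Invoice(1002, "bob", 9900),
}


class Forbidden(Exception):
    """Raised when the caller may not read the requested object."""


def get_invoice_vulnerable(caller: str, invoice_id: int) -> Optional[Invoice]:
    """IDOR: the id comes straight from the request and is never checked against
    the caller, so any authenticated user can read any invoice by changing the id."""
    return INVOICES.get(invoice_id)


def get_invoice_hardened(caller: str, invoice_id: int) -> Invoice:
    """Object-level authorization: look the record up, then verify the caller owns it.
    A missing record and someone else's record both raise Forbidden, so the response
    does not tell the caller which ids exist."""
    inv = INVOICES.get(invoice_id)
    if inv is None or inv.owner != caller:
        raise Forbidden(f"{caller} may not read invoice {invoice_id}")
    return inv


@dataclass
class Session:
    """Server-side session state; ref_map is the indirect reference map."""
    user: str
    # opaque token -> real invoice id; only ever filled with objects this user may see
    ref_map: Dict[str, int] = field(default_factory=dict)


def list_invoices(session: Session) -> List[str]:
    """Return opaque, unguessable references for the caller's own invoices and record
    the token -> id mapping in the session. The real ids never reach the client."""
    refs: List[str] = []
    for inv in INVOICES.values():
        if inv.owner == session.user:
            token = secrets.token_urlsafe(16)
            session.ref_map[token] = inv.invoice_id
            refs.append(token)
    return refs


def get_invoice_by_reference(session: Session, token: str) -> Invoice:
    """Resolve a client-supplied reference through the session map. A token the
    session never issued fails; the ownership check is still applied afterwards
    (defense in depth), rather than relying on the map alone."""
    invoice_id = session.ref_map.get(token)
    if invoice_id is None:
        raise Forbidden("unknown reference")
    return get_invoice_hardened(session.user, invoice_id)


if __name__ == "__main__":
    s = Session("alice")
    refs = list_invoices(s)
    print("references issued to alice:", refs)
    print("resolved:", get_invoice_by_reference(s, refs[0]))
```

The indirect map removes the predictable identifier from the client-visible surface, but the ownership check in get_invoice_hardened is the control that actually prevents the bypass; the advisory's point is that both belong in the design, with the authorization check never omitted on the assumption that the reference is unguessable.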
