0 points
rst
6y ago
It's on the current OWASP top ten as one case of "Broken Access Control" (scenario 1):
https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top...
(In at least one prior edition, it had an entry of its own as "Insecure Direct Object Reference".)
tptacek
6y ago
At some point before that, it was known as "forced browsing", though that name took on a more particular meaning and then fell away. It is by far the most common software vulnerability.