Detection and Prevention of Insecure Direct Object References (IDOR) in Website-Based Applications

Rio Ananda Putra, Irwan Alnarus Kautsar, H. Hindarto, S. Sumarno
Procedia of Engineering and Life Science, journal article, published 2023-07-31. DOI: 10.21070/pels.v4i0.1435 (https://doi.org/10.21070/pels.v4i0.1435).
Citation count: 0

Abstract

IDOR (Insecure Direct Object References) is a security vulnerability that occurs when a web application does not adequately validate or authorize access to directly referenced objects, such as data or resources. In the context of web application security, objects can be files, database records, or other resources identified by a parameter or direct reference. The IDOR technique allows an attacker to manipulate parameters passed to a web application to gain unauthorized access to objects he or she should not be able to reach. By exploiting this vulnerability, attackers can access, modify, or delete data that should only be accessible to authorized users. One of the dangers in accessing data on websites is that data retrieval techniques keyed on an object ID supplied by the client are often vulnerable to IDOR attacks. Therefore, retrieving the data using the identifier stored in $_SESSION can be a safer alternative that avoids the IDOR vulnerability. With this technique, only the account currently in use can be accessed, and access to other technician accounts is not possible. The use of additional query parameters can also increase website security and protect the data and information the site contains. Thus, adding extra validation to the code can help prevent IDOR vulnerabilities from occurring in web applications.
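The following PHP listing is an added illustration of the three patterns the abstract contrasts; it is not code from the paper. It places the vulnerable lookup (object ID read straight from the request) next to the two safer forms the abstract describes: reading the identifier from $_SESSION, and, when a client-supplied ID is unavoidable, binding an additional ownership parameter into the query and validating the input. The PDO connection `$pdo`, the tables `technicians` and `work_orders`, and the session key `technician_id` are assumptions made for the example.

```php
<?php
// Added example, not from the paper. Assumed: a PDO connection $pdo, a table
// `technicians` (id, name, email), a table `work_orders` (id, technician_id, description),
// and a login flow that stored the logged-in technician's id in $_SESSION['technician_id'].
declare(strict_types=1);
session_start();

// --- Vulnerable pattern: the object ID comes straight from the request. ---
// Nothing ties the requested id to the logged-in session, so any authenticated
// user can read another technician's record simply by changing the id value.
function getTechnicianVulnerable(PDO $pdo): ?array
{
    $id = (int) ($_GET['id'] ?? 0);
    $stmt = $pdo->prepare('SELECT id, name, email FROM technicians WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// --- Safer pattern 1: take the ID from $_SESSION, never from the client. ---
// The session value was set server-side at login, so the client cannot choose
// a different account; only the account in use is reachable.
function getOwnTechnician(PDO $pdo): ?array
{
    if (!isset($_SESSION['technician_id'])) {
        http_response_code(401); // not logged in
        return null;
    }
    $stmt = $pdo->prepare('SELECT id, name, email FROM technicians WHERE id = :id');
    $stmt->execute([':id' => (int) $_SESSION['technician_id']]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// --- Safer pattern 2: a client-supplied ID is genuinely needed (a technician opening
// one of several work orders), so the query carries an additional ownership parameter
// taken from the session, and the input is validated before use. ---
function getOwnWorkOrder(PDO $pdo): ?array
{
    if (!isset($_SESSION['technician_id'])) {
        http_response_code(401);
        return null;
    }
    // Validation: the order id must be a plain non-negative integer string.
    if (!isset($_GET['order_id']) || !ctype_digit((string) $_GET['order_id'])) {
        http_response_code(400);
        return null;
    }
    $stmt = $pdo->prepare(
        'SELECT id, technician_id, description FROM work_orders
         WHERE id = :id AND technician_id = :owner'
    );
    $stmt->execute([
        ':id'    => (int) $_GET['order_id'],
        ':owner' => (int) $_SESSION['technician_id'],
    ]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        // Same response whether the order does not exist or belongs to someone else,
        // so the response does not reveal which ids are valid.
        http_response_code(404);
        return null;
    }
    return $row;
}
```

The important difference between the vulnerable and the safer functions is not the use of prepared statements (all three use them) but where the identifier that selects the row comes from: in `getTechnicianVulnerable` the client controls it completely, in `getOwnTechnician` it is taken only from server-side session state, and in `getOwnWorkOrder` the client's value is accepted only when the extra `technician_id = :owner` condition also holds.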