What threat are you vulnerable to if you do not validate - ProProfs Discuss

What threat are you vulnerable to if you do not validate authorization of user for direct references to restricted resources?



A. SQL Injection
B. Cross Site Scripting
C. Cross Site Request Forgery
D. Insecure Direct Object References

This question is part of OWASP TOP 10
Asked by Daringanandh, Last updated: Aug 01, 2019


3 Answers

C. Perez

Just getting better day by day

Writer, Writer, Cleveland

Answered on Aug 01, 2019

The correct answer to this question is D, Insecure Direct Object References. These references happen when an application gives direct access to objects. The access is based on an input supplied by a user. This makes attackers get through authorization and access resources in the system.

The resources could be records or files. It can also include the modification values of parameters. There are ways to test the vulnerability, including mapping out locations where the user input was used. Insecure Direct Object References can come in many forms, including attack mechanics, where the URLs are manipulated through a request. They can manipulate the URL and parameter.


R. Hazlewood

Here to relax my mind a bit

Senior Executive, MBA, Louisville

Answered on Feb 26, 2019

The correct answer to this question is D. When an application offers direct access to objects due to input provided by the user, this is called an Insecure Direct Object Reference. If a user's authorization is not validated, an attacker can access the system and directly access resources such as files, directories, or database records, making the system vulnerable to being hacked and important data stolen.

Unfortunately, according to the Open Web Application Security Project (OWASP), an insecure direct object references vulnerability is more commonplace than many people would think, making this vulnerability easy to exploit in many systems.



Daringanandh

Answered on Feb 13, 2018

Insecure Direct Object References
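The missing authorization check the answers above describe, shown beside a corrected version. This is an added example, not part of any answer in the thread; the invoice store, user names and function names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner: str
    total: str


# Constructed sample data standing in for a database table.
INVOICES = {
    1001: Invoice(1001, "alice", "120.00"),
    1002: Invoice(1002, "bob", "75.50"),
}


class NotFound(Exception):
    """Raised for missing AND unauthorized records, so a caller
    cannot tell from the response which ids exist."""


def get_invoice_insecure(session_user: str, invoice_id: int) -> Invoice:
    # Vulnerable pattern: the id taken from the request is the only selector.
    # session_user is authenticated but never compared with the record owner.
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        raise NotFound(invoice_id)
    return invoice


def get_invoice(session_user: str, invoice_id: int, is_admin: bool = False) -> Invoice:
    # Corrected pattern: authorization is checked per object, server-side,
    # against the identity from the session (never from a request parameter).
    invoice = INVOICES.get(invoice_id)
    if invoice is None or not (is_admin or invoice.owner == session_user):
        raise NotFound(invoice_id)
    return invoice


def list_invoices(session_user: str) -> list[int]:
    # Listing endpoints need the same scoping: filter by owner in the query
    # itself instead of returning everything and hiding rows in the UI.
    return sorted(i.invoice_id for i in INVOICES.values() if i.owner == session_user)
```

Raising the same error for "does not exist" and "not yours" keeps the response from confirming which identifiers are valid.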
