What I learnt from reading 220* IDOR bug reports.

IDOR (Insecure Direct Object Reference): abusing the lack of an authentication check at every stage.

A while ago, I curled up in bed, with my laptop and a coffee, and scraped every single IDOR report from hackerone. A week or so later, I had compiled notes and findings from my reading and I’m here to show you what I’ve learnt, and how my understanding of a seemingly simple bug has…

nynan

Security enthusiast/Bug Bounty | CTI analyst @Cyjax_LTD. https://twitter.com/_nynan. nynan#7665. Alana Witten (she/her)