Additional Object Security with UUIDs

One of the most critical vulnerabilities a Web application can have is an insecure direct object reference. Such a vulnerability normally exists because an object id (usually a database key) can be accessed and manipulated directly by a user and, crucially, the access is not properly authorized. An example that we often see is something like this: http(s)://www.example.com?id=123 or within …
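The pattern above, as an added example that is not part of the original post: a lookup that trusts the `id` parameter and skips authorization, beside a hardened version that uses an opaque UUID in the URL and still checks ownership (the UUID makes ids unguessable, but only the ownership check actually prevents the IDOR). The in-memory store, user names and `invoice_uuid_for` helper are constructed for the demo.

```python
import uuid

# Constructed sample data: two users, each owning one invoice.
_invoices = {}           # sequential int id -> record (the guessable key)
_invoices_by_uuid = {}   # uuid4 string -> record (the opaque key)

def _seed():
    for seq, owner in ((123, "alice"), (124, "bob")):
        rec = {"id": seq, "uuid": str(uuid.uuid4()), "owner": owner, "amount": seq * 10}
        _invoices[seq] = rec
        _invoices_by_uuid[rec["uuid"]] = rec
_seed()

def invoice_uuid_for(owner):
    """Demo helper: the UUID a legitimate user would see in their own links."""
    return next(r["uuid"] for r in _invoices.values() if r["owner"] == owner)

def get_invoice_insecure(current_user, invoice_id):
    """Vulnerable: resolves ?id=123 directly and never asks who owns the record.
    current_user is ignored, so any authenticated user reaches any invoice."""
    try:
        return _invoices.get(int(invoice_id))
    except ValueError:
        return None

def get_invoice_secure(current_user, invoice_uuid):
    """Hardened: opaque UUID in the URL plus an explicit ownership check.
    Missing and not-owned records both yield None, so the response does not
    reveal whether a given UUID exists."""
    try:
        key = str(uuid.UUID(invoice_uuid))  # reject malformed input early
    except ValueError:
        return None
    rec = _invoices_by_uuid.get(key)
    if rec is None or rec["owner"] != current_user:
        return None
    return rec

if __name__ == "__main__":
    print("insecure, bob reads alice's invoice:", get_invoice_insecure("bob", "123"))
    print("secure, bob tries alice's UUID:", get_invoice_secure("bob", invoice_uuid_for("alice")))
    print("secure, alice reads her own:", get_invoice_secure("alice", invoice_uuid_for("alice")))
```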