.ns { max-width: 760px; margin: 0 auto; padding: 60px 32px; font-family: Inter, sans-serif; color: #f4f4ee; } .ns h1 { font-family: Fraunces, Georgia, serif; font-size: 44px; letter-spacing: -.025em; margin: 16px 0 18px; line-height: 1.08; } .ns h2 { font-family: Fraunces, Georgia, serif; font-size: 26px; letter-spacing: -.015em; margin: 32px 0 12px; } .ns p { font-size: 16px; line-height: 1.7; color: rgba(244,244,238,.8); margin: 0 0 18px; } .ns .meta { font-family: 'JetBrains Mono', monospace; font-size: 11px; letter-spacing: .14em; text-transform: uppercase; color: #c5ff4a; margin-bottom: 8px; } .ns nav a { color: #c5ff4a; text-decoration: none; margin-right: 12px; } .ns nav { font-family: 'JetBrains Mono', monospace; font-size: 11px; letter-spacing: .12em; text-transform: uppercase; padding: 18px 0; border-top: 1px solid rgba(255,255,255,.1); border-bottom: 1px solid rgba(255,255,255,.1); margin: 32px 0; }

Web Application Security · 2024-04-15 · Sneha Iyer

IDOR: The Bug That Keeps Slipping Through

Insecure Direct Object Reference is the most common high-severity finding in our archive. It is also the one scanners cannot find. Here is how we test for it — and how to design it out.

The full article renders with JavaScript enabled. The summary above is provided for accessibility and indexing.