CISA and Partners Release Joint Cybersecurity Advisory on Preventing Web Application Access Control Abuse

The Australian Cyber Security Centre, the U.S. Cybersecurity and Infrastructure Security Agency, and the U.S. National Security Agency have released a joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object reference (IDOR) vulnerabilities.

IDOR vulnerabilities are frequently exploited by malicious actors in data breach incidents because they are common, hard to prevent outside the development process, and can be abused at scale. Members are strongly encouraged to review and implement the processes listed in the mitigations section, which are intended for both organizations who develop web applications and organizations who are end users of such applications. Read more at CISA.