by mytailorisrich, 2324 days ago
It should be said that an "unscoped find" is a generic and serious design flaw, which isn't specific to Rails.
1 comment
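As an added example, not part of the thread and not Rails code, here is the "unscoped find" versus scoped find distinction in plain Ruby with no ActiveRecord dependency. The Invoice struct, the sample records and the request handler are constructed for illustration; the comments note which Rails idiom each finder stands in for.

```ruby
# Added example (not from the thread): a dependency-free Ruby model of an
# "unscoped find" versus a scoped find, the Broken Access Control / IDOR
# pattern discussed above. All data below is constructed.

Invoice = Struct.new(:id, :owner_id, :total)

# Constructed sample data: user 100 owns invoices 1 and 2, user 200 owns 3.
INVOICES = [
  Invoice.new(1, 100, 50.0),
  Invoice.new(2, 100, 75.0),
  Invoice.new(3, 200, 999.0),
].freeze

class NotFound < StandardError; end

# Unscoped find: looks up any record by primary key, regardless of who asks.
# This stands in for `Invoice.find(params[:id])` in a controller action that
# performs no ownership check.
def unscoped_find(id)
  INVOICES.find { |inv| inv.id == id } || raise(NotFound, "invoice #{id}")
end

# Scoped find: the lookup is restricted to the caller's own records, so a
# foreign id is indistinguishable from a nonexistent one. This stands in for
# `current_user.invoices.find(params[:id])`.
def scoped_find(current_user_id, id)
  INVOICES.find { |inv| inv.owner_id == current_user_id && inv.id == id } ||
    raise(NotFound, "invoice #{id}")
end

# Simulated request handler: returns [status, body] like a controller would.
def show_invoice(finder, current_user_id, requested_id)
  inv = case finder
        when :unscoped then unscoped_find(requested_id)
        when :scoped   then scoped_find(current_user_id, requested_id)
        else raise ArgumentError, "unknown finder #{finder.inspect}"
        end
  [200, inv.to_h]
rescue NotFound
  [404, nil]
end

if __FILE__ == $PROGRAM_NAME
  # User 100 asks for invoice 3, which belongs to user 200.
  p show_invoice(:unscoped, 100, 3) # unscoped: 200, another user's record leaks
  p show_invoice(:scoped, 100, 3)   # scoped: 404, the record is out of scope
  p show_invoice(:scoped, 100, 1)   # scoped: 200, the user's own record
end
```

The scoped version is the fix the thread's framing implies: the tenant boundary is applied at lookup time rather than checked afterwards, so there is no code path in which the foreign record is loaded at all.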
rst
2324 days ago
It's on the current OWASP top ten as one case of "Broken Access Control" (scenario 1):
https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top...
(In at least one prior edition, it had an entry of its own as "Insecure Direct Object Reference".)
tptacek
2324 days ago
At some point before that, it was known as "forced browsing", though that name took on a more particular meaning and then fell away. It is by far the most common software vulnerability.