Hacker News
by rst, 2322 days ago
It's on the current OWASP top ten as one case of "Broken Access Control" (scenario 1):
https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top...
(In at least one prior edition, it had an entry of its own as "Insecure Direct Object Reference".)
tptacek, 2322 days ago
At some point before that, it was known as "forced browsing", though that name took on a more particular meaning and then fell away. It is by far the most common software vulnerability.