[richardbarosky]

I'd never heard of that acronym before myself.

Insecure = no access control/authorization

Direct Object reference = URL

https://cheatsheetseries.owasp.org/cheatsheets/Insecure_Dire...

"Direct Object Reference is fundamentally a Access Control problem."