by gitremote
313 days ago
> Not justifying it, but many applications consider the uniqueness of the URL enough protection to prevent discovery.

Yes, that's why it's the #1 most common web security vulnerability in production code: https://owasp.org/Top10/A01_2021-Broken_Access_Control/

"Permitting viewing or editing someone else's account, by providing its unique identifier (insecure direct object references)"

What vibe coding promoters don't understand is that the average web developer hasn't learned web security 101. Proof: HN commenter points out that "A01:2021 – Broken Access Control" is completely normal in production code.
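The insecure direct object reference pattern the comment quotes, shown as an added example that is not code from the thread or from OWASP: a handler that trusts the account id in the URL next to one that also checks that the authenticated user owns the object, plus a small ownership audit of the kind that belongs in a CI test. The `Request` class, the `ACCOUNTS` store and the user names are constructed sample data; the sequential ids are deliberate, because an unguessable id would only hide the missing authorization check, not replace it.

```python
"""Insecure direct object reference (IDOR) beside its hardened form.

Added illustration, not code from the HN thread. The accounts, user ids
and request shape below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed sample store: account id -> {owner, balance}.
# Ids are sequential on purpose: obscuring them would not fix the bug,
# because the vulnerable handler never checks ownership at all.
ACCOUNTS = {
    101: {"owner": "alice", "balance": 1200},
    102: {"owner": "bob", "balance": 75},
}


@dataclass
class Request:
    """Minimal stand-in for an authenticated HTTP request (assumed shape)."""
    user: str          # identity established by the session, not by the URL
    account_id: int    # identifier taken from the URL path, attacker-controlled


def get_account_vulnerable(req: Request) -> tuple[int, Optional[dict]]:
    """Vulnerable handler: trusts the URL identifier and never checks ownership.

    Any logged-in user can read any account by changing the number in the URL.
    This is the A01:2021 "insecure direct object references" pattern.
    """
    account = ACCOUNTS.get(req.account_id)
    if account is None:
        return 404, None
    return 200, account


def get_account_secure(req: Request) -> tuple[int, Optional[dict]]:
    """Hardened handler: the object must belong to the authenticated user.

    Returns 404 for both "does not exist" and "not yours", so the response
    does not reveal which account ids exist.
    """
    account = ACCOUNTS.get(req.account_id)
    if account is None or account["owner"] != req.user:
        return 404, None
    return 200, account


def audit_handler(handler) -> list[tuple[str, int, int]]:
    """Exercise every known user against every account id and report
    cross-user reads as (user, account_id, status) tuples.

    Suitable as a regression test: the list must be empty for a correct
    handler.
    """
    leaks = []
    users = {a["owner"] for a in ACCOUNTS.values()}
    for user in users:
        for account_id, account in ACCOUNTS.items():
            status, _body = handler(Request(user=user, account_id=account_id))
            if status == 200 and account["owner"] != user:
                leaks.append((user, account_id, status))
    return sorted(leaks)


if __name__ == "__main__":
    print("vulnerable handler leaks:", audit_handler(get_account_vulnerable))
    print("secure handler leaks:", audit_handler(get_account_secure))
```

The authorization check lives next to the data lookup rather than in a separate layer so that it cannot be skipped by a new route; in a real application the same check would typically be a query filter (`WHERE owner = :current_user`) or a policy function applied on every object fetch.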