Broken Access Control IDOR
Insecure Direct Object Reference
Definition
An IDOR vulnerability occurs when an application uses user-controllable input (like an ID in a URL) to directly access objects without verifying the requesting user has permission to access that specific object. Attackers enumerate or guess IDs to access other users' records, documents, or account data.
Prevention requires server-side authorization checks on every access, verifying that the authenticated user owns or has permission for the specific resource requested.
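The server-side check described above, shown as an added example that is not code from this page's author: a lookup keyed only on the request's ID beside one that also binds the row to the authenticated user. The `invoices` table, its `owner_id` column, the handler names and the sample rows are all assumptions made for illustration, and `session_user_id` stands for the identity taken from the authenticated session.

```python
import sqlite3

def make_db():
    # Constructed sample data: user 1 owns invoices 101 and 103, user 2 owns 102.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner_id INTEGER, body TEXT)"
    )
    db.executemany(
        "INSERT INTO invoices VALUES (?, ?, ?)",
        [(101, 1, "alice: hosting"), (102, 2, "bob: consulting"), (103, 1, "alice: domains")],
    )
    return db

def get_invoice_vulnerable(db, session_user_id, invoice_id):
    """IDOR: the ID from the request is the only selector; the session is ignored."""
    row = db.execute(
        "SELECT id, body FROM invoices WHERE id = ?", (invoice_id,)
    ).fetchone()
    return (200, row[1]) if row else (404, None)

def get_invoice_checked(db, session_user_id, invoice_id):
    """Authorization is part of the lookup: the row must belong to the session user."""
    row = db.execute(
        "SELECT id, body FROM invoices WHERE id = ? AND owner_id = ?",
        (invoice_id, session_user_id),
    ).fetchone()
    # Same 404 for "missing" and "not yours", so responses do not reveal which IDs exist.
    return (200, row[1]) if row else (404, None)

def readable_ids(handler, db, session_user_id, candidate_ids):
    """Regression check: which of these IDs does the handler return to this user?"""
    return [i for i in candidate_ids if handler(db, session_user_id, i)[0] == 200]

if __name__ == "__main__":
    db = make_db()
    ids = range(100, 105)
    print("vulnerable, user 2:", readable_ids(get_invoice_vulnerable, db, 2, ids))
    print("checked,    user 2:", readable_ids(get_invoice_checked, db, 2, ids))
```

Running a check like `readable_ids` in the test suite for every object-returning endpoint, as a user who should see only their own rows, catches a handler that drops the ownership condition.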