Quick Intro to Insecure Direct Object References (IDORs) & How You Can Fix Them

AWS Developers · Beginner ·🔐 Cybersecurity ·2y ago

In this video you're going to learn about a common application vulnerability called Insecure Direct Object Reference (IDOR). AWS Developer Advocate, Dennis Traub, will show you what it is, why it can pose a security risk, and most importantly, how you can protect yourself. Resources: 🌐 Follow along on Community.AWS: https://community.aws/posts/owasp-top-10-defined/04-what-is-an-insecure-direct-object-reference 🧃OWASP Juice Shop: https://github.com/juice-shop Follow AWS Developers! 🐦 Twitter: https://www.twitter.com/awsdevelopers 💼 LinkedIn: https://www.linkedin.com/showcase/aws-developers/ 👾 Twitch: https://twitch.tv/aws 📺 Instagram: https://www.instagram.com/awsdevelopers/?hl=en Chapters: 0:00 - Intro 0:14 - What is an IDOR and why is it a risk? 0:37 - Example and demo of an IDOR 2:22 - How to NOT fix an IDOR vulnerability 2:48 - How to fix an IDOR vulnerability 3:10 - Demo of the fix #security #owasp #appsec

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from AWS Developers · AWS Developers · 0 of 60

← Previous Next →

Using Microsoft Active Directory across On-premises and Cloud Workloads

Using Microsoft Active Directory across On-premises and Cloud Workloads

What is Cloud Computing with AWS? | Hebrew Webinar

What is Cloud Computing with AWS? | Hebrew Webinar

Best Practices for Getting Started with AWS | Hebrew Webinar

Best Practices for Getting Started with AWS | Hebrew Webinar

Best Practices for Using AWS Identity and Access Management (IAM) Roles

Best Practices for Using AWS Identity and Access Management (IAM) Roles

Building Scalable Web Apps | Hebrew Webinar

Building Scalable Web Apps | Hebrew Webinar

Dev & Test on the AWS Cloud | Hebrew Webinar

Dev & Test on the AWS Cloud | Hebrew Webinar

Storage & Backup on AWS | Hebrew webinar

Storage & Backup on AWS | Hebrew webinar

Disaster Recovery on AWS | Hebrew Webinar

Disaster Recovery on AWS | Hebrew Webinar

AWS Israel News | Episode 1

AWS Israel News | Episode 1

Security Best Practices on AWS | Hebrew Webinar

Security Best Practices on AWS | Hebrew Webinar

Ready: Introduction to AI on AWS | Hebrew Webinar

Ready: Introduction to AI on AWS | Hebrew Webinar

Set: What is ML for developers? | Hebrew Webinar

Set: What is ML for developers? | Hebrew Webinar

Go!: Building your own ChatBot with Amazon Lex | Hebrew Webinar

Go!: Building your own ChatBot with Amazon Lex | Hebrew Webinar

And Beyond: Amazon Sagemaker | Hebrew Webinar

And Beyond: Amazon Sagemaker | Hebrew Webinar

Building API-Driven Microservices with Amazon API Gateway - AWS Online Tech Talks

Building API-Driven Microservices with Amazon API Gateway - AWS Online Tech Talks

Understanding AWS Secrets Manager - AWS Online Tech Talks

Understanding AWS Secrets Manager - AWS Online Tech Talks

Best Practices for Building Enterprise Grade APIs with Amazon API Gateway - AWS Online Tech Talks

Best Practices for Building Enterprise Grade APIs with Amazon API Gateway - AWS Online Tech Talks

Build, Train and Deploy Machine Learning Models on AWS with Amazon SageMaker - AWS Online Tech Talks

Build, Train and Deploy Machine Learning Models on AWS with Amazon SageMaker - AWS Online Tech Talks

AWS Israel News | Episode 2 | re:Invent

AWS Israel News | Episode 2 | re:Invent

AWS Floor28 News - January

AWS Floor28 News - January

AWS Floor28 News - February - Hebrew

AWS Floor28 News - February - Hebrew

AWS Floor28 News - March - Hebrew

AWS Floor28 News - March - Hebrew

AWS Floor28 News - April - Hebrew

AWS Floor28 News - April - Hebrew

AWS Floor28 News - May - Hebrew

AWS Floor28 News - May - Hebrew

Authentication for Your Applications: Getting Started with Amazon Cognito - AWS Online Tech Talks

Authentication for Your Applications: Getting Started with Amazon Cognito - AWS Online Tech Talks

AWS Floor28 News - June - Hebrew

AWS Floor28 News - June - Hebrew

AWS Floor28 News - July - Hebrew

AWS Floor28 News - July - Hebrew

Enriching your app with Image Recognition and AWS AI Services - AWS Webinar - Hebrew

Enriching your app with Image Recognition and AWS AI Services - AWS Webinar - Hebrew

Personalize, Forcast, and Textract - AWS Webinar - Hebrew

Personalize, Forcast, and Textract - AWS Webinar - Hebrew

Managing Your ML Development Lifecycle with Amazon SageMaker - AWS Webinar - Hebrew

Managing Your ML Development Lifecycle with Amazon SageMaker - AWS Webinar - Hebrew

Running your ML code in Amazon Sagemaker - AWS Webinar - Hebrew

Running your ML code in Amazon Sagemaker - AWS Webinar - Hebrew

Get Started in Minutes with Amazon Connect in Your Contact Center - AWS Online Tech Talks

Get Started in Minutes with Amazon Connect in Your Contact Center - AWS Online Tech Talks

AWS Floor28 News - August - Hebrew

AWS Floor28 News - August - Hebrew

AWS Floor28 News - September - Hebrew

AWS Floor28 News - September - Hebrew

Deep Dive on Amazon EventBridge - AWS Online Tech Talks

Deep Dive on Amazon EventBridge - AWS Online Tech Talks

Advanced Serverless Orchestration with AWS Step Functions - AWS Online Tech Talks

Advanced Serverless Orchestration with AWS Step Functions - AWS Online Tech Talks

Living on the Edge - an Introduction to Amazon CloudFront and Lambda@Edge - Hebrew Webinar

Living on the Edge - an Introduction to Amazon CloudFront and Lambda@Edge - Hebrew Webinar

AWS Floor28 News - October - Hebrew - YouTube

AWS Floor28 News - October - Hebrew - YouTube

What's New with AWS Storage - AWS Online Tech Talks

What's New with AWS Storage - AWS Online Tech Talks

How to Build a Compelling Migration Business Case Using TSO Logic - AWS Online Tech Talks

How to Build a Compelling Migration Business Case Using TSO Logic - AWS Online Tech Talks

Configuring and Managing Amazon S3 Replication - AWS Online Tech Talks

Configuring and Managing Amazon S3 Replication - AWS Online Tech Talks

AWS Floor28 News - November - Hebrew

AWS Floor28 News - November - Hebrew

Using Relational Databases with AWS Lambda - Easy Connection Pooling - AWS Online Tech Talks

Using Relational Databases with AWS Lambda - Easy Connection Pooling - AWS Online Tech Talks

AWS Floor28 News - December 2019 - Hebrew

AWS Floor28 News - December 2019 - Hebrew

AWS Floor28 News - January 2020 - Hebrew

AWS Floor28 News - January 2020 - Hebrew

Top 10 Data Migration Best Practices - AWS Online Tech Talks

Top 10 Data Migration Best Practices - AWS Online Tech Talks

How to Use Azure Active Directory with AWS SSO - AWS Online Tech Talks

How to Use Azure Active Directory with AWS SSO - AWS Online Tech Talks

AWS Tips & Tricks - Amazon Redshift Advisor - Hebrew

AWS Tips & Tricks - Amazon Redshift Advisor - Hebrew

AWS Tips & Tricks - Amazon Redshift Elastic Resize - Hebrew

AWS Tips & Tricks - Amazon Redshift Elastic Resize - Hebrew

AWS Tips & Tricks - Amazon Redshift Spectrum - Hebrew

AWS Tips & Tricks - Amazon Redshift Spectrum - Hebrew

AWS Tips & Tricks - Savings Plans & Cost Explorer - Hebrew

AWS Tips & Tricks - Savings Plans & Cost Explorer - Hebrew

AWS Tips & Tricks - Amazon Redshift Concurrency Scaling - Hebrew

AWS Tips & Tricks - Amazon Redshift Concurrency Scaling - Hebrew

AWS Tips & Tricks - Training Models with Amazon SageMaker - Hebrew

AWS Tips & Tricks - Training Models with Amazon SageMaker - Hebrew

AWS Tips & Tricks - Auto Model Tuning with Amazon SageMaker - Hebrew

AWS Tips & Tricks - Auto Model Tuning with Amazon SageMaker - Hebrew

AWS Tips & Tricks - Amazon Comprehend - Hebrew

AWS Tips & Tricks - Amazon Comprehend - Hebrew

Understanding High Availability and Disaster Recovery Features for Amazon RDS for Oracle

Understanding High Availability and Disaster Recovery Features for Amazon RDS for Oracle

Amazon Forecast – Forecasting - From Months to Days (Hebrew)

Amazon Forecast – Forecasting - From Months to Days (Hebrew)

Visualize your data with Amazon QuickSight (Hebrew)

Visualize your data with Amazon QuickSight (Hebrew)

Amazon Kendra (Hebrew)

Amazon Kendra (Hebrew)

AWS Floor28 News - AI/ML Special Edition

AWS Floor28 News - AI/ML Special Edition

Related AI Lessons

The Most Valuable Person in the AI Era Isn’t the Generalist. It’s the Specialist Who Got Curious.

In the AI era, specialists who think like generalists are most valuable, bringing unique perspectives to cybersecurity and other fields.

Medium · Cybersecurity

🔐 Zero Trust Security in Web Applications: Why “Never Trust, Always Verify” Is the Future of Cybersecurity

Learn how Zero Trust Security can protect web applications by verifying user identity and permissions at every step, not just at login

Dev.to · Okoye Ndidiamaka

Google Introduces Cloud Fraud Defense as Successor to reCAPTCHA

Google Cloud Fraud Defense replaces reCAPTCHA, enhancing online fraud detection beyond bot detection, to prevent fake accounts and automated attacks

TryHackMe Walkthrough | Command Injection

Learn command injection hacking in a legal and safe environment using TryHackMe

Medium · Cybersecurity

Chapters (6)

Intro

0:14 What is an IDOR and why is it a risk?

0:37 Example and demo of an IDOR

2:22 How to NOT fix an IDOR vulnerability

2:48 How to fix an IDOR vulnerability

3:10 Demo of the fix

Physical Security & Identity Management