HawkScan Test Info for API Active IDOR Validation

API Active IDOR Validation

Reference

Plugin Id: 40056 | CWE: 639

Remediation

To mitigate Active IDOR vulnerabilities, implement the following security measures:

  1. Indirect Object References: Use indirect object references instead of direct identifiers to prevent predictable ID manipulation.

  2. Authorization Validation: Implement proper authorization checks before allowing access to any resource referenced by an ID.

  3. Session-Based Access Control: Validate that users can only access objects that belong to their session or account.

  4. ID Randomization: Use randomized, non-sequential identifiers to make ID prediction more difficult for attackers.
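
As an added example (not code from the HawkScan page or product), the following Python sketches measures 1 to 4 side by side: a lookup that trusts a client-supplied direct id, the same lookup with an ownership check, and a per-session indirect reference map that hands out random handles; the record store, session class and record ids are constructed for the illustration.

```python
import secrets
from dataclasses import dataclass, field

# Constructed sample store: sequential internal ids are the direct references
# that an IDOR finding is about.
RECORDS = {
    1001: {"owner": "alice", "body": "alice's invoice"},
    1002: {"owner": "bob", "body": "bob's invoice"},
}

class NotFound(Exception):
    pass

@dataclass
class Session:
    user: str
    # Indirect reference map scoped to this session: opaque token -> internal id.
    refs: dict = field(default_factory=dict)

    def reference(self, internal_id: int) -> str:
        """Issue a random, non-sequential handle instead of exposing the raw id."""
        token = secrets.token_urlsafe(16)
        self.refs[token] = internal_id
        return token

def get_record_vulnerable(session: Session, record_id: int) -> dict:
    """Before: trusts the client-supplied id and never checks who owns the object."""
    return RECORDS[record_id]

def get_record_checked(session: Session, record_id: int) -> dict:
    """Measures 2 and 3: the direct id is still accepted, but ownership is enforced."""
    record = RECORDS.get(record_id)
    if record is None or record["owner"] != session.user:
        # Same response for missing and foreign objects, so the id space
        # cannot be enumerated through differing error codes.
        raise NotFound("no such record")
    return record

def get_record_hardened(session: Session, token: str) -> dict:
    """Measures 1 to 4 together: resolve the per-session handle, then still check ownership."""
    internal_id = session.refs.get(token)
    if internal_id is None:
        raise NotFound("unknown reference")  # token was not issued to this session
    return get_record_checked(session, internal_id)

def outcome(fn, session: Session, ref) -> str:
    """Summarise one access attempt as a string so the three paths can be compared."""
    try:
        return "ok:" + fn(session, ref)["owner"]
    except NotFound:
        return "not_found"
```

The ownership check stays in place even once indirect references are used, because a handle that leaks (logs, referrers, a shared link) must not become a bypass.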

About

Active IDOR (Insecure Direct Object Reference) validation actively tests for vulnerabilities where applications expose direct references to internal objects. This allows attackers to manipulate parameters to access unauthorized data.

Risks

Active IDOR vulnerabilities can result in:

  • Unauthorized access to user data and resources
  • Horizontal and vertical privilege escalation
  • Data enumeration and information disclosure
  • Privacy violations and data breaches
  • Manipulation of objects belonging to other users