Slideshow: Five common Web application vulnerabilities and mitigations

By

Brandan Blevins

5/6

Got insecure direct object references? Be random, unpredictable

Source: Thinkstock

Insecure direct object references are another common security weakness in Web applications. They are the result of application developers coding under the assumption that rules will always be followed by users. In this case, an attacker may be able to guess a user's ID and resubmit a data request if that user's account ID is shown in the page URL or in a hidden field. Such sensitive data is often incorrectly exposed in URLs, hidden form fields, drop-down list boxes, JavaScript code and so on.

To prevent attackers from taking advantage of insecure direct object references, applications should use random, unpredictable IDs and file and object names. The actual names of objects should also never be exposed, and when a user tries to access a sensitive file, their authorization to do so should be verified every time, not just once.

View All Photo Stories

SearchCloudSecurity

Automate app security with SaaS security posture management
Keeping track of cloud application security settings and configurations businesswide is no easy task. Automate this cumbersome ...
What are cloud containers and how do they work?
Containers in cloud computing have evolved from a security buzzword. Deployment of cloud containers is now an essential element ...
Invest in cloud security to future-proof your organization
The cloud has opened many opportunities for enterprises to maintain operations during the pandemic, but it has also created ...

SearchNetworking

Enterprises look to formalize WFH network architecture
As work-from-home programs prove they're here to stay, enterprise network teams are assessing their network designs to ensure ...
5G core network functionality driven by SDN, NFV
To reap the full benefits of 5G, operators are using SDN, NFV and network slicing to build out core network functionality.
An introductory overview of 5G network capabilities
In this Q&A, author William Stallings discusses 5G services, such as network slicing and QoS, and other topics covered in his ...

SearchCIO

Inside look at Equifax's $1.5B digital transformation journey
A massive digital transformation effort at Equifax is gaining momentum. CTO Bryson Koehler talks about overhauling data ...
FTC's change to policy could make for healthier mergers
Cornell's Robert Hockett said the FTC's recent decision to rescind a 1995 policy could help prevent bad mergers, as scrutiny of ...
Chinese regulatory crackdown is about control, not data privacy
Despite China's messaging, analysts believe the government's recent regulatory tightening on tech companies is more about control...

SearchEnterpriseDesktop

Comparing offerings: Microsoft 365 vs. Google Workspace
Microsoft 365 vs. Google Workspace is a difficult choice, so organizations should evaluate each offering's features and pricing ...
Enterprise IT pros unclear on Microsoft Windows 11 benefits
Microsoft recently unveiled Windows 11, but its consumer-focused presentation left IT pros with questions about hardware ...
What's included in Microsoft 365 subscription plans
Microsoft 365 has different licensing plans for all kinds of businesses. Learn about the different subscription plans that ...

SearchCloudComputing

Key aspects of RPA in the cloud
As more enterprises prioritize automation, RPA seeks to build upon that growth within the cloud sector. Learn why vendors see the...
Dive into DigitalOcean Droplets and App Platform
DigitalOcean vies with AWS, Azure and others by targeting developers and startups. See what it has to offer and how it competes ...
4 best practices for big data security in cloud computing
When dealing with vast amounts of data in the cloud, enterprises need to be proactive with security. Don't wait for a threat to ...

ComputerWeekly.com

Joint parliamentary committee to scrutinise Online Safety Bill
A parliamentary “super committee” made up of MPs and lords has been established to scrutinise government online harms approach
Hospitality firms must accelerate digital transformation to secure long-term recovery
Key retail sector must respond quickly to new post-pandemic digital-first demands and consumer behaviours to regain competitive ...
IDC: Double-digit global smartphone growth in second quarter
Analyst finds global consumers around the world continue to show the need for mobile devices, and a particular increasing ...

Close