#OWASP.

Articles tagged with #OWASP.

Hide direct object references to increase application security

Whenever a user is about to access certain data within your web application, you want to make sure he can access only his own data, not other users' data. A critical measure to prevent vulnerabilities here is to implement tight authorization checks on a functional level. This is essential to security and should not be missed. However, you can increase security further with a fairly simple additional measure.

User controlled keys

To access a specific object, like a database record or […]
