Course: Programming Foundations: Web Security
URL manipulation and Insecure Direct Object Reference (IDOR)
A URL manipulation attack is when someone edits the URL text in the browser's location bar in order to probe a website. URLs are easily changed, and they often follow a pattern, which makes them inviting targets. Manipulation may be performed by innocent users who are just curious, or by hackers who are probing for vulnerabilities. Editing a URL can reveal private information or allow users to perform actions which should be restricted. Manipulating a URL may reveal a private webpage. The public website may not have a link to that page, or the page may be accessible only under certain conditions. For example, adding "preview=true" to a URL might show an unpublished version of the page. URLs may correspond to a set of files and directories. Changing the URL can help to map that structure. Values in a database can also be mapped. If a page displays a person's contact information when the URL contains an ID of 27, then an…
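The following is an added example, not code from the course: it contrasts a handler that trusts the ID in the URL with one that checks the record against the signed-in user, and gates `preview=true` on an editor role. The data, the `owner` field, the `EDITORS` set and all function names are assumptions made for illustration.

```python
from urllib.parse import urlparse, parse_qs

# Constructed sample data: contact records keyed by ID, each with an owner.
CONTACTS = {
    27: {"owner": "alice", "email": "alice@example.com"},
    28: {"owner": "bob", "email": "bob@example.com"},
}
# Constructed sample page with a published and an unpublished version.
PAGES = {"/news/launch": {"published": "Coming soon", "draft": "Launch is on Friday"}}
EDITORS = {"carol"}  # hypothetical set of users allowed to preview drafts


def contact_vulnerable(url, user):
    """Trusts the ID in the URL: any signed-in user can read any record."""
    contact_id = int(parse_qs(urlparse(url).query)["id"][0])
    return CONTACTS[contact_id]["email"]


def contact_checked(url, user):
    """Returns the record only if it belongs to the requesting user."""
    values = parse_qs(urlparse(url).query).get("id", [])
    if len(values) != 1 or not values[0].isdecimal():
        return None  # missing, repeated or non-numeric ID
    record = CONTACTS.get(int(values[0]))
    # Same response for "not found" and "not yours", so IDs cannot be mapped.
    if record is None or record["owner"] != user:
        return None
    return record["email"]


def page_checked(url, user):
    """Serves the draft only when preview=true comes from an editor."""
    parsed = urlparse(url)
    page = PAGES.get(parsed.path)
    if page is None:
        return None
    wants_preview = parse_qs(parsed.query).get("preview") == ["true"]
    if wants_preview and user in EDITORS:
        return page["draft"]
    return page["published"]
```

The checked handlers take the user from the server-side session, never from the URL, so editing the address bar changes what is requested but not what the server is willing to return.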
Contents
- Types of credential attacks (4 min 55 s)
- Strong passwords (4 min 1 s)
- URL manipulation and Insecure Direct Object Reference (IDOR) (4 min 43 s)
- SQL injection (6 min 16 s)
- Cross-Site Scripting (XSS) (6 min 15 s)
- Cross-Site Request Forgery (CSRF) (4 min 21 s)
- Cross-Site Request protections (3 min 38 s)
- Cookie visibility and theft (4 min 37 s)
- Session hijacking (5 min 8 s)
- Session fixation (3 min 18 s)
- Remote system execution (2 min 8 s)
- File upload abuse (2 min 59 s)
- Denial of service (4 min 55 s)