Scenario: You are conducting authorization testing for a web application. During your test, you discover that a regular user can access admin-level features without proper authorization. What type of vulnerability have you identified, and how should it be addressed?
- Broken Authentication
- Cross-Site Scripting (XSS)
- Insecure Direct Object References
- SQL Injection
In this scenario, the vulnerability identified is Insecure Direct Object References (IDOR). An IDOR occurs when an application exposes references to internal implementation objects to users without checking that the requesting user is authorized to access them. To address this, the application should enforce proper access controls, validating the user's permissions on the server side before granting access to sensitive features or data.