A penetration tester observes an application enforcing strict access controls. Which of the following would allow the tester to bypass these controls and successfully access the organization’s sensitive files?
Direct Object Reference allows a user to access pages directly by specifically knowing (or guessing) what it is that they are looking for. It allows users to bypass authentication and in some cases *cough* even paywalls. For example, one could use the URL of this webpage and alter it to access further questions without paying for them as long as they know how the website displays resources in its URL bar. (wink wink)
Insecure direct object references occur when an application provides direct access to objects based on user input, allowing attackers to bypass authorization and access sensitive files directly.
upvoted 1 times
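The missing check that the comments above describe, shown from the defender's side as an added example that is not part of the original thread: the same lookup without and with a per-object authorization check. The `Document` store, user names and IDs are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Document:
    doc_id: int
    owner: str
    body: str


# Constructed sample data; names and IDs are hypothetical.
DOCS = {
    101: Document(101, "alice", "alice: Q3 payroll"),
    102: Document(102, "bob", "bob: contract draft"),
}


class Forbidden(Exception):
    """Raised when the caller is not authorized for the requested object."""


def get_document_insecure(session_user: str, doc_id: int) -> str:
    # Vulnerable pattern: the caller is authenticated, but the object is
    # looked up purely from the user-supplied ID with no ownership check.
    return DOCS[doc_id].body


def get_document_checked(session_user: str, doc_id: int) -> str:
    # Hardened pattern: authorize the (user, object) pair on every request.
    doc = DOCS.get(doc_id)
    # Same error for "missing" and "not yours", so the response does not
    # reveal which IDs exist.
    if doc is None or doc.owner != session_user:
        raise Forbidden("not found or not permitted")
    return doc.body


def is_allowed(session_user: str, doc_id: int) -> bool:
    # Convenience wrapper so callers and tests get a boolean decision.
    try:
        get_document_checked(session_user, doc_id)
        return True
    except Forbidden:
        return False
```
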
throughthefray, 5 months, 2 weeks ago
study_study, 3 weeks, 1 day ago
Johhnymone, 8 months, 3 weeks ago
deeden, 1 year, 1 month ago
Hedwig74, 1 year ago
deeden, 1 year, 1 month ago
041ba31, 1 year, 1 month ago