Which of the following threat types involves an application developer leaving references to internal information and configurations in code that is exposed to the client?
From AI: Insecure direct object references (IDOR) is a threat type that occurs when an application developer leaves references to internal information in code that is exposed to the client.
Explanation
IDOR
A vulnerability that occurs when an application provides direct access to objects based on user-supplied input. This can happen when an application uses an identifier to access an object in a database without checking for access control or authentication.
Attackers
Attackers can use IDOR to bypass authorization and access resources in the system directly, such as database records or files.
Causes
IDOR can occur due to missing access control checks, which fail to verify whether a user should be allowed to access specific data.
The question is not precise enough to clearly choose between A and C.
A if the data is generic data (for example, the version of the internal database)
C if it is used by a backend application (for example, an internal authentication token)
MaciekMT, 1 month ago
Pika26, 3 months ago
xroxro, 1 year ago
akg001, 1 year, 3 months ago
certifiedgeek, 1 year, 3 months ago
DarkHorse99, 1 year, 1 month ago