@yehgdotnet
Created April 27, 2020 08:47
IDOR Prevention
The most effective control against insecure direct object reference attacks is to avoid exposing internal functionality of the software using a direct object reference that can be easily manipulated.
The following are some defensive strategies that can be taken to accomplish this objective:
■ Use indirect object references, via an index of the value or a reference map, so that direct parameter manipulation is rendered futile unless the attacker is also aware of how the parameter maps to the internal functionality.
■ Do not expose internal objects directly via URLs or form parameters to the end user.
■ Either mask or cryptographically protect (encrypt/hash) exposed parameters, especially query-string key/value pairs.
■ Validate the input (change in the object/parameter value) to ensure that the change is allowed as per the whitelist.
■ Perform access control and authorization checks each and every time a parameter is changed, in keeping with the principle of complete mediation. If a direct object reference must be used, it is important to ensure that the user is authorized before using it.
■ Use RBAC to enforce roles at appropriate boundaries and reduce the attack surface by mapping roles to the data and functionality. This will protect against attackers who are trying to attack users with a different role (vertical authorization) but not against users who are at the same role (horizontal authorization).
■ Ensure that both context-based and content-based RBAC are in place.
Manual code reviews and parameter manipulation testing can be used to detect and address insecure direct object reference flaws. Automated tools often fall short of detecting insecure direct object references because they are not aware of which objects require protection and what the safe or unsafe values are.
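As an added example (not part of the gist), the first and fifth points above combined in Python: a per-session reference map hands out random opaque tokens instead of internal record ids, and every fetch re-checks ownership after resolving the token, so neither a forged token nor a leaked one for another user's record is honoured. The record store, user names and function names are constructed for the example.

```python
import secrets

# Constructed sample data (not from the gist): internal record ids and their owners.
RECORDS = {
    101: {"owner": "alice", "body": "alice's invoice"},
    102: {"owner": "bob", "body": "bob's invoice"},
}


class IndirectRefMap:
    """Per-session map between opaque tokens and internal ids.

    The token is what the client sees in URLs/forms; the internal id never leaves
    the server, so guessing or incrementing an id is no longer a usable attack path.
    """

    def __init__(self):
        self._to_internal = {}
        self._to_token = {}

    def token_for(self, internal_id):
        """Return (creating on first use) the opaque token for an internal id."""
        if internal_id not in self._to_token:
            tok = secrets.token_urlsafe(16)
            self._to_token[internal_id] = tok
            self._to_internal[tok] = internal_id
        return self._to_token[internal_id]

    def resolve(self, token):
        """Map a client-supplied token back to an internal id, or None if unknown."""
        return self._to_internal.get(token)


def list_records(user, refmap):
    """Expose only the user's own records, and only as opaque tokens."""
    return [refmap.token_for(rid) for rid, rec in RECORDS.items() if rec["owner"] == user]


def fetch_record(user, token, refmap):
    """Resolve the token, then enforce ownership on every access (complete mediation)."""
    rid = refmap.resolve(token)
    if rid is None:
        return None  # unknown or forged token: nothing to resolve
    rec = RECORDS.get(rid)
    if rec is None or rec["owner"] != user:
        return None  # valid-looking token, but the caller is not authorized
    return rec["body"]
```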