Safeguard
Tag

idor

Safeguard articles tagged "idor" — guides, analysis, and best practices for software supply chain and application security.

12 articles

Kubernetes Security

Broken object-level authorization in Kubernetes integrations: CVE-2023-1065

One leaked Integration ID was enough to pollute a Snyk customer's findings — CVE-2023-1065 shows why possession of an identifier is not authorization.

Jul 14, 20266 min read
Application Security

Finding and fixing IDOR vulnerabilities in Python

Broken Object Level Authorization has held the #1 spot on the OWASP API Security Top 10 since 2019 — and Django's get_object_or_404() does nothing to stop it.

Jul 8, 20266 min read
Application Security

Secure multi-tenant SaaS access control patterns

Broken Access Control has topped OWASP's Top 10 for two straight cycles, found in 100% of tested apps in 2025 — most of that risk starts with one missing tenant_id check.

Jul 8, 20266 min read
Security Guides

OWASP A01: Broken Access Control — A Deep-Dive Guide

Broken Access Control is the #1 OWASP Top 10 (2021) risk. A deep dive into IDOR, missing authorization, real CVEs, and how to detect and fix it in 2026.

Jul 1, 20267 min read
Vulnerability Guides

What Is IDOR (Insecure Direct Object Reference)?

IDOR lets an attacker swap an ID in a request and read or change data that belongs to someone else. Here is how it works and how to shut it down.

Jul 1, 20266 min read
Vulnerability Analysis

What is Broken Access Control

Broken access control is OWASP's #1 web risk, found in 94% of apps tested. See how IDOR flaws breached First American, USPS, and Parler.

Mar 28, 20266 min read
Vulnerability Analysis

What is Insecure Direct Object Reference (IDOR)

IDOR lets attackers access other users data just by changing an ID in a URL or API call. Learn how it works, real breaches, and how to fix it.

Mar 28, 20267 min read
Application Security

What is Broken Object Level Authorization (BOLA)

BOLA lets attackers swap an object ID in an API request to pull someone else's data. Here's how it works, real breaches, and how to stop it.

Mar 9, 20267 min read
Vulnerability Analysis

Insecure direct object reference (IDOR) explained

IDOR lets attackers access other users' data by editing an ID in a request. See how it broke USPS, Panera, and First American — and how to actually fix it.

Dec 9, 20256 min read
Vulnerability Analysis

Broken access control explained

Broken access control has topped OWASP's Top 10 since 2021. See real breaches, common patterns like IDOR, and how to detect and fix them.

Dec 9, 20257 min read
Industry Analysis

Broken Object Level Authorization (BOLA/IDOR) in APIs

BOLA/IDOR has topped the OWASP API Security Top 10 since 2019. Here's how USPS, Peloton, and Parler got breached by it—and how to catch it before you do.

Nov 7, 20258 min read
Web Security

Authorization Vulnerabilities: Prevention and Best Practices

Authorization flaws let authenticated users access resources and perform actions beyond their intended permissions. Learn the most common authorization vulnerabilities and how to build robust access control systems.

Oct 5, 20237 min read
idor — Safeguard Blog