What's the name of the technique for getting data from a web application you aren't supposed to get?



  • This question is about getting the name of a testing concept. For example, say you have a REST route which requires that you be logged in. When you call that route and provide the ID of another user within your group, you get that user's profile. If you call that route with the ID of a user who isn't in your group, you shouldn't be allowed to view that profile. If someone were to provide the ID of a user which doesn't exist, then either (a) say that the user isn't in your group, or (b) say that the user doesn't exist. The problem with the latter is that someone could start plugging in ID numbers until they find the most recently created user, and thus can determine (roughly) how many users are in the database. All this leads to the question: "Does this technique have a name?" Also, is this considered "security testing" and/or "confidentiality testing"?



  • This is a technique in penetration testing to detect a vulnerability called "Insecure Direct Object References", 4th on the OWASP Top 10 list. Regarding whether this is security or confidentiality testing, I would say both, as confidentiality is just one of the measures in security testing: "A security measure which protects against the disclosure of information to parties other than the intended recipient". That is by no means the only way of ensuring security.
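As an added illustration (not code from either poster), the route from the question modelled as two plain Python handlers over constructed in-memory data: the first answers "not in your group" and "does not exist" differently and so leaks which IDs exist, the second authorizes first and returns one indistinguishable response for both cases. The data, function names and response shapes are all assumptions made for this example.

```python
# Added example, not from the original thread: a minimal in-memory model of the
# REST route described in the question. Users, groups and IDs are constructed data.
from typing import Callable, Dict, Tuple

# Constructed sample data: user id -> (group id, profile). IDs 1-4 exist; 99 does not.
USERS: Dict[int, Tuple[str, dict]] = {
    1: ("blue", {"name": "alice"}),
    2: ("blue", {"name": "bob"}),
    3: ("red", {"name": "carol"}),
    4: ("red", {"name": "dave"}),
}

Response = Tuple[int, dict]  # (HTTP status, JSON body)


def get_profile_leaky(requester_id: int, target_id: int) -> Response:
    """Distinguishes 'no such user' from 'not in your group'.

    Because the two failures look different, a caller can iterate IDs and
    learn which ones exist, which is the enumeration the question describes.
    """
    target = USERS.get(target_id)
    if target is None:
        return 404, {"error": "user does not exist"}
    if target[0] != USERS[requester_id][0]:
        return 403, {"error": "user is not in your group"}
    return 200, target[1]


def get_profile_uniform(requester_id: int, target_id: int) -> Response:
    """Authorizes first and returns one response for both the missing and the
    forbidden case, so the existence of an ID is not revealed.
    """
    requester_group = USERS[requester_id][0]
    target = USERS.get(target_id)
    # A single branch covers both failure causes; status and body are identical.
    if target is None or target[0] != requester_group:
        return 404, {"error": "not found"}
    return 200, target[1]


def responses_distinguishable(handler: Callable[[int, int], Response],
                              requester_id: int, out_of_group: int, missing: int) -> bool:
    """True when the handler answers a forbidden ID and a nonexistent ID differently.

    This is the check a tester would run against the route: same status and body
    for both inputs means the oracle from the question is closed.
    """
    return handler(requester_id, out_of_group) != handler(requester_id, missing)
```

The check compares only status and body; response-time differences between the two failure paths are a separate channel this example does not measure.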

