Preventing and Detecting IDOR + Hands on Hacking with LogSnare
Hey Friends! Hope everyone had a most excellent summer, and now that we have passed the equinox we can officially begin our Fall lineup! While security never sleeps, I do enjoy our summer breaks, and I am excited to return to see everyone’s smiling faces and hear about what we’ve all been up to!
Please join us for this session where our very own Zac Davis takes the floor. This presentation builds on a 2024 OWASP Philly talk where Zac explored Insecure Direct Object References (IDOR), one of the most common and impactful web application vulnerabilities (and his personal favorite to exploit).
In this session, Zac will revisit real-world IDOR examples before showing how DomainGuard has implemented both preventive and detective controls to protect its platform against these attacks. The talk will conclude with a hands-on exercise using LogSnare, an intentionally vulnerable web application designed to help participants practice identifying and exploiting IDOR flaws. (https://github.com/sea-erkin/log-snare)
See you all there,
Higgs
PS: Light refreshments will be served :)