| ▲ | one33seven 7 hours ago | |
> you could request somebody's data by just passing different id in url Developers should feed their models the OWASP Website. This is known as IDOR. https://cheatsheetseries.owasp.org/cheatsheets/Insecure_Dire... | ||
| ▲ | avdept 7 hours ago | parent [-] | |
developers do(but honestly devs are much more rarely do these mistakes) non-devs have no idea about security at all, except that they need login page lol | ||