all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Watch Out for UUIDs in Request Parameters

Add to bookmarks
Sept. 22, 2022, 1:03 p.m. | Nathan Noll

TrustedSec www.trustedsec.com

The Plugin: https://github.com/GeoffWalton/UUID-Watcher Some time ago on the TrustedSec Security Podcast, I shared a Burp Suite plugin I developed to hunt Insecure Direct Object Reference (IDOR) issues where applications might be using UUIDs or GUIDs (unique identifiers) as keys, assuming discovery attacks will not be possible. The plugin produces a report that helps identify which...


The post Watch Out for UUIDs in Request Parameters appeared first on TrustedSec.

application security assessment penetration testing request security testing & analysis watch

Visit resource

More from www.trustedsec.com / TrustedSec

PCI DSS Vulnerability Management: The Most Misunderstood Requirement – Part 3 6 days, 9 hours ago | www.trustedsec.com
dss identification management pci +5
PCI DSS Vulnerability Management: The Most Misunderstood Requirement – Part 2 1 week, 1 day ago | www.trustedsec.com
dss identification management pci +6
PCI DSS Vulnerability Management: The Most Misunderstood Requirement – Part 1 1 week, 6 days ago | www.trustedsec.com
dss identification management pci +4
A Hitch-Hacker's Guide To DACL-Based Detections - The Addendum 2 weeks, 1 day ago | www.trustedsec.com
active directory attributes blog detections +7
Observations From Business Email Compromise (BEC) Attacks 2 weeks, 6 days ago | www.trustedsec.com
attacks bec business business email compromise +7
From Chaos to Clarity: Organizing Data With Structured Formats 4 weeks, 1 day ago | www.trustedsec.com
bonus chaos clarity data +6
Securing Sensitive Data: How Ransomware Challenges the Healthcare Industry 1 month ago | www.trustedsec.com
attacks blog blog post can +15
From Error to Entry: Cracking the Code of Password-Spraying Tools 1 month ago | www.trustedsec.com
authors blog blog post code +11
Failure to Restrict URL Access: It’s Still a Thing 1 month, 1 week ago | www.trustedsec.com
access application application security failure +6

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Cyber Threat Analyst

@ Peraton | Morrisville, NC, United States
View on infosec-jobs.com

Kyndryl Offensive Security Professional - Threat-Led Penetration Testing (TLPT) and Red Teaming

@ Kyndryl | Sao Paulo (KBR51645) WeWork Office
View on infosec-jobs.com

Consultant en Cyber Sécurité - Spécialiste PKI H/F

@ Devoteam | Levallois-Perret, France
View on infosec-jobs.com

Cloud Security Architect - Advisor (Remote)

@ Fannie Mae | Reston, VA, United States
View on infosec-jobs.com

OT Cybersecurity Engineer

@ SBM Offshore | Bengaluru, IN, 560071
View on infosec-jobs.com
View more jobs