Staples Canada – The IDOR that just kept giving
Some of you are probably wondering, WHAT ON EARTH IS IDOR? IDOR, or insecure direct object reference, is a common vulnerability that is sometimes misunderstood by even some of the most seasoned security professionals. The basic concept is that a user-controlled parameter is used to directly reference and access a resource, but the application does…
Bell Smart Home – The importance of proper mobile testing
With a heavy push for native mobile apps in the last 10 years, there has been a large corresponding growth in the mobile appsec space. With the OWASP Mobile Top 10, which was initially released in 2014 and updated in 2016, many organizations have a framework to use to properly secure their APIs and mobile…
Insecure use of unique identifiers
In March 2020, our team started a couple of security research projects including participating in bug bounty programs, looking at IoT devices, and passively looking at mobile apps that have weak authentication and authorization controls. We came across one app called Remind, which is used by one of our team members to interact with their…