The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) are releasing a joint Cybersecurity Advisory (CSA), Preventing Web Application Access Control Abuse, to warn vendors, designers, developers, and end-user organizations of web applications about insecure direct object reference (IDOR) vulnerabilities. These vulnerabilities are frequently exploited by malicious actors in data breach incidents and have resulted in the compromise of personal, financial, and health information of millions of users and consumers.
ACSC, CISA, and NSA strongly encourage vendors, designers, developers, and end-user organizations to review the CSA, Preventing Web Application Access Control Abuse, for best practices, recommendations, and mitigations to reduce the prevalence of IDOR vulnerabilities and ensure web applications are secure-by-design and -default.
To report or share information on incidents and unusual activity, contact CISA at report to CISA or our 24/7 Operations Center at report@cisa.gov or (888) 282-0870.
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA released one Industrial Control Systems (ICS) advisory on October 14, 2025. These advisories provide…
Today, CISA issued Emergency Directive ED 26-01: Mitigate Vulnerabilities in F5 Devices to direct Federal…
CISA released thirteen Industrial Control Systems (ICS) advisories on October 16, 2025. These advisories provide…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
This website uses cookies.