Does this skill cover API security?

Absolutely. It includes specific guidance for testing REST and JSON-based API endpoints where object references are commonly passed in request bodies or URL paths.

What is an IDOR vulnerability?

IDOR (Insecure Direct Object Reference) occurs when an application provides direct access to objects based on user-supplied input, allowing attackers to bypass authorization and access data belonging to other users.

Can I use this skill for automated testing?

Yes, it provides specific configurations for tools like Burp Suite Intruder to automate the enumeration of IDs and parameters for efficient vulnerability discovery.

How do I remediate discovered IDOR vulnerabilities?

The skill provides remediation guidance focused on implementing strict object-level access control checks and using indirect or non-predictable references like UUIDs.

IDOR Security Testing

Name: IDOR Security Testing
Author: claudiodearaujo

byclaudiodearaujo

•

セキュリティとテスト

Identifies and remediates Insecure Direct Object Reference (IDOR) vulnerabilities through systematic testing and exploitation methodologies.

The IDOR Security Testing skill provides a specialized framework for security professionals and developers to detect broken access control within web applications. It offers detailed workflows for identifying vulnerable parameters in URLs, request bodies, and file paths, alongside practical exploitation techniques using tools like Burp Suite. By covering both horizontal and vertical privilege escalation scenarios, the skill helps users uncover unauthorized data access points and provides concrete remediation strategies to implement robust, object-level authorization checks.

主な機能

01Comprehensive detection workflows for database objects and static file references

021 GitHub stars

03Bypass techniques including HTTP method switching and parameter pollution

04Detailed testing checklists for numeric IDs, GUIDs, and predictable patterns

05Step-by-step Burp Suite Intruder configuration for automated ID enumeration

06Remediation guidance with code examples for securing vulnerable endpoints

ユースケース

01Performing security audits to identify unauthorized access to user data

02Verifying API endpoint integrity during backend development and QA

03Testing application resilience against enumeration and brute-force attacks

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro idor-testing

For use in Claude.ai and ChatGPT

Download Skill