Insecure direct object reference (IDOR)

TL;DR: Object identifier in the request maps directly to a resource without an authorisation check.

Stub — to be filled in.

What it is

TODO

Preconditions / where it applies

TODO

Technique

TODO

Detection and defence

TODO

References

https://portswigger.net/web-security/access-control/idor
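
The missing check from the TL;DR, shown as an added example that is not part of the original note: a lookup that trusts the identifier from the request, beside one that ties it to the session identity, plus a regression check that flags cross-user reads. The invoice store, user names and function names are all constructed for illustration.

```python
# Added illustration; every name and record below is constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner: str
    total: str

# Constructed sample data: two users, sequential identifiers.
INVOICES = {
    1001: Invoice(1001, "alice", "120.00"),
    1002: Invoice(1002, "bob", "75.50"),
}

class NotFound(Exception):
    """Raised for missing AND not-owned objects, so replies do not reveal which ids exist."""

def get_invoice_vulnerable(session_user: str, invoice_id: int) -> Invoice:
    # Caller is authenticated, but the id from the request is used as-is:
    # nothing ties the object to session_user.
    try:
        return INVOICES[invoice_id]
    except KeyError:
        raise NotFound(invoice_id)

def get_invoice_checked(session_user: str, invoice_id: int) -> Invoice:
    # Authorisation is decided server-side from the session identity on every lookup.
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice.owner != session_user:
        raise NotFound(invoice_id)
    return invoice

def audit_cross_user_reads(handler) -> list:
    """Call handler as each user for each id; return (user, id) pairs where a non-owner got data."""
    leaks = []
    users = sorted({inv.owner for inv in INVOICES.values()})
    for user in users:
        for invoice_id, inv in sorted(INVOICES.items()):
            try:
                handler(user, invoice_id)
            except NotFound:
                continue
            if inv.owner != user:
                leaks.append((user, invoice_id))
    return leaks

if __name__ == "__main__":
    print("vulnerable:", audit_cross_user_reads(get_invoice_vulnerable))
    print("checked:   ", audit_cross_user_reads(get_invoice_checked))
```
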