security-review-owasp-insecure-direct-object-reference-prevention
CommunityFind IDOR gaps before attackers do
Authorsjinks
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Helps reviewers find missing object-level authorization, weak identifier handling, and workflow-binding gaps that can let one user access another user's data or actions.
Core Features & Use Cases
- Reviews REST, GraphQL, RPC, and server-rendered flows that fetch, mutate, export, or delete objects by identifier.
- Checks batch operations, nested resources, admin tooling, and service-to-service access for per-object authorization.
- Useful for auditing user profiles, orders, files, webhooks, and multi-step workflows where tampering with IDs could reveal or change protected objects.
Quick Start
Ask this skill to review the relevant flow, endpoint, or files for object-level authorization and identifier tampering risks.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: security-review-owasp-insecure-direct-object-reference-prevention Download link: https://github.com/sjinks/ai-owasp-skillset/archive/main.zip#security-review-owasp-insecure-direct-object-reference-prevention Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.