security-review-owasp-insecure-direct-object-reference-prevention

Community

Find IDOR gaps before attackers do

Authorsjinks
Version1.0.0
Installs0

System Documentation

What problem does it solve?

Helps reviewers find missing object-level authorization, weak identifier handling, and workflow-binding gaps that can let one user access another user's data or actions.

Core Features & Use Cases

  • Reviews REST, GraphQL, RPC, and server-rendered flows that fetch, mutate, export, or delete objects by identifier.
  • Checks batch operations, nested resources, admin tooling, and service-to-service access for per-object authorization.
  • Useful for auditing user profiles, orders, files, webhooks, and multi-step workflows where tampering with IDs could reveal or change protected objects.

Quick Start

Ask this skill to review the relevant flow, endpoint, or files for object-level authorization and identifier tampering risks.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: security-review-owasp-insecure-direct-object-reference-prevention
Download link: https://github.com/sjinks/ai-owasp-skillset/archive/main.zip#security-review-owasp-insecure-direct-object-reference-prevention

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.