icon

Digital safety starts here for both commercial and personal Use...

Defend Your Business Against the Latest WNY Cyber Threats We offer Safe, Secure and Affordable Solutions for your Business and Personal Networks and Devices.



WNYCyber is there to help you to choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet Programmers who have to deak daily with Cyber Threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS DATA... We built this Website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do charge or collect any fees.

Buffalo, New York
United States

Current Threat Data

Australia and US Issue Warning About Web App Threats

Cyber Security Threat Summary:
“The Australian and US governments have issued a joint advisory about the growing cyber-threats to web applications and application programming interfaces (APIs). The guidance, Preventing Web Application Access Control Abuse was released by the Australian Cyber Security Centre (ACSC), US Cybersecurity and Infrastructure Security Agency (CISA), and US National Security Agency (NSA) on July 27, 2023” (Info Security Magazine, 2023).

The advisory warns web application developers and users about the frequent exploitation of insecure direct object reference (IDOR) vulnerabilities. These are access control vulnerabilities that allow threat actors to modify, delete, or even access sensitive data by issuing requests to a website or API specifying the user identifier of other valid users.

Security Officer Comments:
IDOR vulnerabilities exploited in attacks are often heavily targeted and are commonly found. Outside of the development process, these vulnerabilities can be difficult to prevent. IDOR vulnerabilities have resulted in the compromise of personal, financial, and health information from millions of users. Due to failure of the system to adequately authenticate and supply authorization, threat actors can gain access to sensitive data.

The agencies issued a range of recommendations for vendors, designers, developers and end user organizations to reduce the prevalence of IDOR vulnerabilities.

Suggested Correction(s):


Vendors and Developers

  • Implement secure by design principles into each stage of the software development life cycle (SDLC). Recommended practices can be found in the National Institute of Security and Technology’s (NIST’s) Secure Software Development Framework (SSDF), SP 800-218. Other secure by design recommendations include testing code to identify vulnerabilities and verify compliance with security requirements and conducting role-based training for personnel responsible for secure software development.
  • Establish a vulnerability disclosure program. This should enable the disclosure of security vulnerabilities internally and externally.
End-User Organizations
  • Exercise due diligence when selecting web applications. In particular, source from reputable vendors “that demonstrate commitment to secure by design and default principles.”
  • Apply software patches for web applications as soon as possible
  • Configure the application to log and generate alerts from tamper attempts
  • Create, maintain, and exercise a basic cyber incident response plan (IRP)
The new advisory fits in with the US government’s National Cybersecurity Strategy, which aims to place more responsibility on technology suppliers and developers for the security of software products.

Link(s):
https://media.defense.gov/2023/Jul/
https://www.infosecurity-magazine.com/news/australia-us-warning-web-app/

Contact Us for Threat Assistance
Back to Current Threats