This is part 2 on the topic of Broken Access Control . This is part of a series of blog posts about the OWASP Top 10. This post will focus on securing applications on the server to prevent insecure direct object references (IDORs).

This is part 1 on the topic of Broken Access Control . This is part of a series of blog posts about the OWASP Top 10. This post will focus on securing applications on the server to avoid security through obscurity and prevent easily bypassed client side checks.