Glossary

IDOR (Insecure Direct Object Reference)

An access control vulnerability in which a user reaches other users' resources by changing an identifier in the request (a numeric ID or a UUID) that the server uses directly, without checking that the requester is authorized for that object. IDORs are common in REST APIs and allow viewing, modifying, or deleting other users' data. It is one of the most frequently found flaws during SMB audits.
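As an added example (not code from this glossary), the pattern behind an IDOR in a hypothetical "fetch document" endpoint, shown beside the fix that ties the lookup to the authenticated user; the in-memory store, users and document ids are constructed for the demo:

```python
# Added example, not from the glossary page: an IDOR in a "get document"
# handler, beside the fixed version. Store, users and ids are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Document:
    doc_id: int
    owner_id: int
    body: str


# Constructed in-memory store: two users, each owning one document.
DOCUMENTS = {
    101: Document(doc_id=101, owner_id=1, body="alice payslip"),
    102: Document(doc_id=102, owner_id=2, body="bob payslip"),
}


class Forbidden(Exception):
    """Raised when the caller is not allowed to see the requested object."""


def get_document_vulnerable(current_user_id: int, doc_id: int) -> Document:
    """IDOR: the id from the request is used as-is; the caller's identity is ignored."""
    return DOCUMENTS[doc_id]


def get_document_fixed(current_user_id: int, doc_id: int) -> Document:
    """Fix: look the object up, then check ownership against the session user."""
    doc = DOCUMENTS.get(doc_id)
    # One error for both "missing" and "not yours", so the response does not
    # reveal which ids exist.
    if doc is None or doc.owner_id != current_user_id:
        raise Forbidden(f"user {current_user_id} may not access document {doc_id}")
    return doc


def user_can_read(handler, current_user_id: int, doc_id: int) -> bool:
    """Audit helper: does `handler` let this user read this document?"""
    try:
        handler(current_user_id, doc_id)
        return True
    except (Forbidden, KeyError):
        return False
```

The audit helper makes the difference testable: the vulnerable handler lets user 1 read document 102 (owned by user 2), the fixed one does not.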
