gitlab.com/gitlab-org/gitlab-foss.git
author: GitLab Bot <gitlab-bot@gitlab.com> 2020-05-29 18:08:14 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-05-29 18:08:14 +0300
commit: 6e33325c1458cb31b4d36a7eec817fa00ec3faaf
tree: 615b51cfaa9838b427ecc5c02bb40cafed31f356 /doc/development/secure_coding_guidelines.md
parent: bae24262df90b1b16e012360d04a28d54a07be3f
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/development/secure_coding_guidelines.md')
-rw-r--r-- doc/development/secure_coding_guidelines.md 2
1 files changed, 1 insertions, 1 deletions
diff --git a/doc/development/secure_coding_guidelines.md b/doc/development/secure_coding_guidelines.md
index dde35db7ff1..de9d3aa2ffa 100644
--- a/doc/development/secure_coding_guidelines.md
+++ b/doc/development/secure_coding_guidelines.md
@@ -23,7 +23,7 @@ For more information about the permission model at GitLab, please see [the GitLa
### Impact
Improper permission handling can have significant impacts on the security of an application.
-Some situations may reveal [sensitive data](https://gitlab.com/gitlab-com/gl-infra/production/issues/477) or allow a malicious actor to perform [harmful actions](https://gitlab.com/gitlab-org/gitlab/-/issues/8180).
+Some situations may reveal [sensitive data](https://gitlab.com/gitlab-com/gl-infra/production/-/issues/477) or allow a malicious actor to perform [harmful actions](https://gitlab.com/gitlab-org/gitlab/-/issues/8180).
The overall impact depends heavily on what resources can be accessed or modified improperly.
A common vulnerability when permission checks are missing is called [IDOR](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/04-Testing_for_Insecure_Direct_Object_References) for Insecure Direct Object References.
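Review bot: On the changed "Some situations may reveal ..." line, the two incident examples are carried only by their link targets, so the sentence tells the reader nothing about what went wrong if the issue is moved, made confidential, or the URL scheme changes again, which is exactly what this fix is reacting to. Consider adding a few words after each link saying what kind of permission check was missing, so the guideline still teaches the point without the click. Since only the first link needed the `/-/issues/` form here and the second already had it, it is also worth checking the rest of doc/development for remaining old-style `/issues/` links in the same pass rather than fixing them one line at a time.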