This skill should be used when the user asks to "test for insecure direct object references," "find IDOR vulnerabilities," "exploit broken access control," "enumerate user IDs or object references," or "bypass authorization to access other users' data." It provides comprehensive guidance for detecting, exploiting, and remediating IDOR vulnerabilities in web applications.
8.7
Rating
0
Installs
Security
Category
Excellent security testing skill with comprehensive IDOR vulnerability assessment guidance. The description clearly covers all invocation scenarios (IDOR testing, broken access control, authorization bypass). Task knowledge is outstanding with detailed methodologies, Burp Suite workflows, exploit techniques, enumeration strategies, and remediation code examples. Structure is logical and well-organized with clear sections, reference tables, and a practical checklist. The skill demonstrates high novelty as systematic IDOR testing with proper tooling and multi-account verification would require substantial CLI effort and security expertise. Minor improvement possible: could benefit from a separate reference file for the extensive checklists/tables to make SKILL.md more concise, though current organization remains clear. Overall, this is a production-ready skill that meaningfully reduces the cost and complexity of professional security testing.
davila7
Skill Author
Loading SKILL.md…
