@securedbycasco: Can someone steal your users' data just by pasting a URL? If your app doesn't check who's asking for that data, then yes. In this one I break down one of the most common vulnerabilities we find at Casco: Insecure Direct Object Reference, or IDOR. Change a single ID in a URL, and a broken app will hand over someone else's private data. If you're vibe coding an app right now, watch this before you ship it. #cybersecurity #vibecoding #softwareengineering #startup
ChatGPT, create comprehensive security plan, make no mistakes
2026-07-01 02:53:20
188
Bungflavor :
no because why would I roll my own auth
2026-07-01 11:11:31
4
objectivelycorrect_ :
These are all basically 2025 problems
2026-07-01 22:41:54
3
Milupa55 :
any decent security audit skill will pick up on these, it's just a simple due diligence and best practice to do this
2026-07-01 04:48:09
27
dougdougdoug :
Implement JWTs with refresh and access tokens, make your website's API endpoints require the token to view the data and if no token then throw error message that they aren't signed in
2026-07-01 02:35:16
15
justin :
ChatGPT setup middleware and authentication and rate limiting, any security you could think of
2026-07-01 13:20:30
1
Hokageofyadd :
IDOR
2026-07-02 00:42:13
0
A Darker World :
lol not just vibe coders... so many companies before AI had flaws like this or worse
2026-07-01 18:59:21
1
Jamesssss :
Middleware & authentication
2026-07-01 13:01:20
3
Jens Humke :
Ever heard about DBSC
2026-07-01 17:10:06
0
🎖️𝐋ᴜ֟፝ᴘɪ 🍣 :
this is basic auth security. all AI I use know about this (yes I tested them all)
2026-07-01 09:10:15
2
something simple :
lol no
2026-07-01 03:24:13
0
emotionalblueprint :
I love your style
2026-07-01 13:37:42
0
CJ :
websites in the 90s were like /order.asp?id=1508 🤣
2026-07-01 18:42:02
1
Arsenicx2 :
Prove it! Seriously name one major public production website or app that fails to authenticate a session and accepts any URL.
2026-07-01 19:56:24
1
foo8088 :
require_once 'auth.php'; 🤣
2026-07-01 10:19:28
0
El-Bethel :
good luck trying to login to /dashboard
2026-07-01 12:36:13
0
fullm3talpacket :
AuthN/AuthZ
2026-07-01 15:18:07
0
Mat (Masha supremacist🧡) :
If you vibe code blindly without any plan at all yea it will probably have a security risk😭
2026-07-01 21:57:10
0
Icy :
Blah blah blah
2026-07-01 19:58:50
0
ash :
Not my app, no. 😏
2026-07-01 20:14:38
0
user65732771262 :
Dm
2026-07-01 18:34:28
0
Alessandro2488 :
wtf. but these things are the basic of the basic!
2026-07-01 21:41:27
0
CaptainTism :
OAuth brotha 👍
2026-07-01 06:30:55
0
Trippie Dev :
Had some “vibe hacker” tell me that they could see my users' data. Now I see they were just seeing other tiktokers lmao
2026-07-01 04:01:10
0