@securedbycasco: Can someone steal your users' data just by pasting a URL? If your app doesn't check who's asking for that data, then yes. In this one I break down one of the most common vulnerabilities we find at Casco: Insecure Direct Object Reference, or IDOR. Change a single ID in a URL, and a broken app will hand over someone else's private data. If you're vibe coding an app right now, watch this before you ship it. #cybersecurity #vibecoding #softwareengineering #startup
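The caption describes the bug but not the two lines of code that separate a leaky endpoint from a safe one. The following is an added example (mine, not code from the Casco video or any Casco product) modelling a `GET /api/orders/<id>` handler twice: once with only a sign-in check, once with the per-object ownership check that actually stops IDOR. The orders table, the `Session` stand-in for a validated login token, and all names are constructed for illustration.

```python
"""
Added example, not from the original post: a minimal model of Insecure
Direct Object Reference. Two handlers serve GET /api/orders/<id>. The first
checks only that *someone* is signed in; the second also checks that the
order belongs to the caller. All data and names below are constructed.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional

# Constructed sample data: a fake orders table keyed by sequential integer
# IDs, which is exactly what makes guessing a neighbour's ID trivial.
ORDERS = {
    1508: {"owner": "alice", "item": "laptop", "card_last4": "4242"},
    1509: {"owner": "bob",   "item": "phone",  "card_last4": "1881"},
    1510: {"owner": "alice", "item": "dock",   "card_last4": "4242"},
}


@dataclass
class Session:
    """Stand-in for an already-validated login session or JWT subject
    (assumption: token verification happened upstream)."""
    user: Optional[str]  # None means the request carried no valid token


@dataclass
class Response:
    status: int
    body: Optional[dict] = None


def get_order_vulnerable(session: Session, order_id: int) -> Response:
    """Authentication only: any signed-in user can read any order.
    This is the broken pattern the video warns about."""
    if session.user is None:
        return Response(401, {"error": "not signed in"})
    order = ORDERS.get(order_id)
    if order is None:
        return Response(404)
    return Response(200, order)  # never asks whose order this is


def get_order_fixed(session: Session, order_id: int) -> Response:
    """Authentication plus authorization: the lookup is scoped to the caller."""
    if session.user is None:
        return Response(401, {"error": "not signed in"})
    order = ORDERS.get(order_id)
    # Ownership check. Answer 404 for both "missing" and "not yours" so the
    # endpoint does not confirm which IDs exist for other users.
    if order is None or order["owner"] != session.user:
        return Response(404)
    return Response(200, order)


def enumerate_ids(handler: Callable[[Session, int], Response],
                  session: Session, start: int, count: int) -> List[int]:
    """What an attacker does after seeing one ID in a URL: walk the
    neighbouring IDs and keep every one that comes back 200."""
    return [i for i in range(start, start + count)
            if handler(session, i).status == 200]


if __name__ == "__main__":
    bob = Session("bob")  # a legitimate user who owns only order 1509
    print("vulnerable:", enumerate_ids(get_order_vulnerable, bob, 1500, 20))
    print("fixed:     ", enumerate_ids(get_order_fixed, bob, 1500, 20))
```

Run as-is and the vulnerable handler lets a signed-in "bob" pull all three orders, card digits included, while the fixed handler returns only his own. Note what the fix is not: it is not the JWT check (both handlers have that), and it is not switching to random IDs (a UUID makes enumeration slower but a leaked link still works without the ownership check). In a real database-backed app the equivalent is putting the caller's ID in the query itself, e.g. `WHERE id = ? AND owner_id = ?`, rather than fetching by ID and hoping someone filters later.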

Casco
Region: US
Wednesday 01 July 2026 01:03:37 GMT
80424
2897
39
179

Comments

dangerousartificial
Dangerous Artificial :
ChatGPT, create comprehensive security plan, make no mistakes
2026-07-01 02:53:20
188
bungflavor
Bungflavor :
no because why would I roll my own auth
2026-07-01 11:11:31
4
objectivelycorrect_
objectivelycorrect_ :
These are all basically 2025 problems
2026-07-01 22:41:54
3
milupa55
Milupa55 :
any decent security audit skill will pick up on these, it's just a simple due diligence and best practice to do this
2026-07-01 04:48:09
27
dougdougdoug_
dougdougdoug :
Implement JWTs with refresh and access tokens, make your website's API endpoints require the token to view the data, and if no token then throw an error message that they aren't signed in
2026-07-01 02:35:16
15
heinhtetaung6342
justin :
ChatGPT setup middleware and authentication and rate limiting, any security you could think of
2026-07-01 13:20:30
1
yaddhokage
Hokageofyadd :
IDOR
2026-07-02 00:42:13
0
adarkerworld
A Darker World :
lol not just vibe coders... so many companies before AI had flaws like this or worse
2026-07-01 18:59:21
1
malikkkkk97
Jamesssss :
Middleware & authentication
2026-07-01 13:01:20
3
jenshumke0
Jens Humke :
Ever heard about DBSC
2026-07-01 17:10:06
0
lutfihamka
🎖️𝐋ᴜ֟፝ᴘɪ 🍣 :
this is basic auth security. all AI I use know about this (yes I tested them all)
2026-07-01 09:10:15
2
some_thing_simple
something simple :
lol no
2026-07-01 03:24:13
0
emotionalblueprint
emotionalblueprint :
I love your style
2026-07-01 13:37:42
0
dinosaurarse
CJ :
websites in the 90s were like /order.asp?id=1508 🤣
2026-07-01 18:42:02
1
arsenicx2
Arsenicx2 :
Prove it! Seriously, name one major public production website or app that fails to authenticate a session and accepts any URL.
2026-07-01 19:56:24
1
foo8088
foo8088 :
require_once 'auth.php'; 🤣
2026-07-01 10:19:28
0
laxbethel
El-Bethel :
good luck trying to login to /dashboard
2026-07-01 12:36:13
0
fullm3talpacket
fullm3talpacket :
AuthN/AuthZ
2026-07-01 15:18:07
0
mashasupremacy
Mat (Masha supremacist🧡) :
If you vibe code blindly without any plan at all, yea it will probably have a security risk😭
2026-07-01 21:57:10
0
icyytope
Icy :
Blah blah blah
2026-07-01 19:58:50
0
ash_hakopyan
ash :
Not my app, no. 😏
2026-07-01 20:14:38
0
userpxbdjc8hjy
user65732771262 :
Dm
2026-07-01 18:34:28
0
rihan90000
Alessandro2488 :
wtf. but these things are the basic of the basic!
2026-07-01 21:41:27
0
coleslaw69696969
CaptainTism :
OAuth brotha 👍
2026-07-01 06:30:55
0
devintrippie
Trippie Dev :
Had some “vibe hacker” tell me that they could see my users data. Now I see they were just seeing other tiktokers lmao
2026-07-01 04:01:10
0