How to "prove" that using MS GUID alone is not proper user access control
How can I demonstrate concretely (to leadership and developers) that using a MS v4 GUID and relying on the "difficulty" to guess the GUID of other resources in the app is not a secure form of AuthZ?
I probably can’t guess a random…
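One way to make the point concrete for developers, as an added example that is not part of the original post: a negative authorization test that compares a GUID-only lookup with the same lookup plus an ownership check. The store, user names and function names are hypothetical, Python's `uuid.uuid4()` stands in for the MS v4 GUID, and the test assumes a second user has learned one GUID without guessing it.

```python
import uuid
from dataclasses import dataclass


@dataclass(frozen=True)
class Document:
    owner: str
    body: str


# Constructed in-memory store standing in for the application's database.
STORE = {}


def create_document(owner, body):
    """Store a document under a random v4 GUID and return that GUID."""
    doc_id = str(uuid.uuid4())
    STORE[doc_id] = Document(owner, body)
    return doc_id


def fetch_guid_only(session_user, doc_id):
    """Pattern from the question: knowing the GUID is the only check."""
    doc = STORE.get(doc_id)
    return doc.body if doc else None  # session_user is never consulted


def fetch_with_authz(session_user, doc_id):
    """Same lookup, plus an explicit check that the caller owns the resource."""
    doc = STORE.get(doc_id)
    if doc is None or doc.owner != session_user:
        return None  # identical answer for "missing" and "not yours"
    return doc.body


def demo():
    """Return what bob and alice receive when each requests alice's document."""
    alice_doc = create_document("alice", "alice payroll")
    # Assumption: bob has learned this GUID without guessing it. The GUID is an
    # identifier that the application hands out, not a secret it protects.
    as_bob_guid_only = fetch_guid_only("bob", alice_doc)
    as_bob_authz = fetch_with_authz("bob", alice_doc)
    as_alice_authz = fetch_with_authz("alice", alice_doc)
    return as_bob_guid_only, as_bob_authz, as_alice_authz


if __name__ == "__main__":
    print(demo())
```

The first result shows that the GUID-only handler returns the owner's data to any authenticated caller who holds the identifier, while the second shows the ownership check refusing the same request.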