Most infosec professionals are aware of the massive First Financial Corporation data breach that leaked 885 million sensitive documents in 2019. The damage was caused by a vulnerability called IDOR (Insecure Direct Object Reference) that was present in a First Financial Corporation web application. OWASP (the Open Web Application Security Project) recognizes IDOR as one of the top 10 security vulnerabilities for 2020. IDOR falls into the OWASP category known as Broken Access Control. IDOR is arguably one of the most difficult vulnerabilities to systematically detect and defend against in an enterprise codebase. Its ease of exploitation and potential high impact makes it a very high-risk vulnerability.