Tales from the Trace: Finding IDORs with Agentic Reasoning
Join XBOW’s Offensive Security Engineers for a deep, trace-level walkthrough of how real Insecure Direct Object References (IDORs) are discovered and exploited in practice, using two 0-day vulnerabilities found in the Spree eCommerce framework.
In this recorded webinar, we’ll show how XBOW’s IDOR module reasons about authorization boundaries where traditional scanners stop at linear checks and error responses.
What you’ll learn:
- Two real Spree zero-day IDORs: unauthenticated and cross-cart billing/shipping address access, walked through trace by trace.
- Why scanners fail at IDORs: linear ID probing and response diffing break as soon as authorization logic and state come into play.
- How XBOW finds them instead: agentic reasoning over objects, roles, and auth states, with access to real data.
Speakers
Offensive Security Engineer @ XBOW
Offensive Security Engineer @ XBOW