From c06140659c35741533604c72c22705dfc30c4664 Mon Sep 17 00:00:00 2001 From: Mike McCabe Date: Tue, 12 Nov 2013 16:10:38 -0500 Subject: [PATCH] updated description with owasp one --- .../layouts/tutorial/insecure_dor/_insecure_dor_first.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/layouts/tutorial/insecure_dor/_insecure_dor_first.html.erb b/app/views/layouts/tutorial/insecure_dor/_insecure_dor_first.html.erb index c30b6eb..670b8a3 100755 --- a/app/views/layouts/tutorial/insecure_dor/_insecure_dor_first.html.erb +++ b/app/views/layouts/tutorial/insecure_dor/_insecure_dor_first.html.erb @@ -17,7 +17,7 @@

- A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key. Without an access control check or other protection, attackers can manipulate these references to access unauthorized data. + Applications frequently use the actual name or key of an object when generating web pages. Applications don’t always verify the user is authorized for the target object. This results in an insecure direct object reference flaw. Testers can easily manipulate parameter values to detect such flaws. Code analysis quickly shows whether authorization is properly verified.
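Review bot: The replacement paragraph drops the only sentence that defines a direct object reference (the removed line's "a reference to an internal implementation object, such as a file, directory, or database key"), so a reader who arrives at this first tutorial page no longer learns what the term means before being told the flaw "results" from missing authorization. Suggest keeping that definition as the opening sentence and appending the new text after it, e.g. "A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key. Applications don't always verify the user is authorized for the target object. This results in an insecure direct object reference flaw." Since the commit message says the wording was taken from OWASP, also add a short attribution or link to the OWASP Top 10 entry in the partial, and replace the curly apostrophe in "don’t" with a plain ASCII apostrophe (or an HTML entity) so the ERB partial renders consistently regardless of the page's declared charset.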