Which of the Open Web Application Security Project (OWASP) Top 9 Coding Flaws leads to security issues?

Prepare for the WGU C838 Managing Cloud Security Exam. Study effectively with flashcards and multiple-choice questions, complete with hints and explanations. Ensure your success with this comprehensive preparation guide.

The correct choice is that a direct object reference leads to security issues. This coding flaw occurs when an application uses user-supplied input to directly access objects, such as files or database entries, without proper validation. If an application does not validate whether the user requesting access has the appropriate permissions to view or modify that specific object, malicious users can exploit this vulnerability to gain unauthorized access to sensitive data or perform unauthorized actions.

For example, if a web application allows users to access their own profile information via a URL containing a user ID, an attacker could simply change the user ID in the URL to that of another user and gain access to their profile, provided that the application does not check for permissions. This flaw emphasizes the importance of implementing proper access controls and validating user permissions in applications to protect sensitive data and resources from unauthorized access.

The other choices also represent security issues in different contexts, but they do not specifically involve exposing object references within the application logic without checking permissions.
