🥷
Red
  • 🟥Overview
  • 📚Education
    • 🧐Guides
    • 🏋️Training
    • 📕Books
    • 🥳Conventions
    • 📰News
    • 🗝️Physical Tools
    • 🗣️Podcasts
    • 📹YT Channels
  • Setup
    • ctf setup
    • Exploitation Frameworks
    • Learning Offense
    • rando
  • ⭕Attacker Lifecycle
    • Steps
      • Engagement
      • 🔬Recon
        • OSINT
        • Active Recon / footprinting
      • 👀Initial Access
        • Exploit
          • SMB
        • Internal Recon
        • Linux Custom Enum Script
        • enumerate Script
        • Windows Privilege Escalation
      • 🧞Privilege Escalation
        • Ways To Privelege Escalate
      • Data Exfil
        • Data Exfil 1
      • Reporting
  • Bug Bounty
    • Bug Bounty Sites
    • OWASP Top 10
      • Injection
      • Broken Authentication
      • Sensitive Data Exposure
      • XML External Entities (XXE)
      • Broken Access Control
      • Security Misconfigurations
      • Cross-Site Scripting (XSS)
      • Insecure Deserialization
      • Using Components with Known Vulnerabilities
      • Insufficient Logging and Monitoring
Powered by GitBook
On this page
  1. Bug Bounty
  2. OWASP Top 10

Broken Access Control

This refers to flaws in the enforcement of access controls and authorization. If access controls are not properly implemented, attackers may be able to gain unauthorized access to functionalities or data.

# Vulnerable code (insufficient access control checks)
userId = request.getParameter("userId")
if isAuthorizedUser(userId):
    viewUserData(userId)

# Secure code (proper access control checks)
userId = request.getParameter("userId")
if isAuthorizedUser(userId, loggedInUserId):
    viewUserData(userId)
PreviousXML External Entities (XXE)NextSecurity Misconfigurations

Last updated 2 years ago