Broken Access Control
# Vulnerable code (insufficient access control checks)
userId = request.getParameter("userId")
# The check sees only the requested userId, not who is making the request
if isAuthorizedUser(userId):
    viewUserData(userId)
# Secure code (proper access control checks)
userId = request.getParameter("userId")
# loggedInUserId is the caller's identity (assumed to come from the authenticated session)
if isAuthorizedUser(userId, loggedInUserId):
    viewUserData(userId)
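
A runnable Python version of the two handlers above, added here as an example and not part of the original page. The `Request` class, the `USERS` and `ADMINS` tables and the administrator exception are assumptions made for illustration, and the sample records are constructed; it goes slightly beyond the pseudocode by denying unauthenticated callers and unknown targets by default.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: two ordinary users and one administrator.
USERS = {
    "101": {"name": "alice", "email": "alice@example.test"},
    "102": {"name": "bob", "email": "bob@example.test"},
    "900": {"name": "admin", "email": "admin@example.test"},
}
ADMINS = {"900"}  # hypothetical role table


@dataclass
class Request:
    """Minimal stand-in for a web request (hypothetical, not a real framework)."""
    params: dict                    # client-controlled query parameters
    session_user_id: Optional[str]  # set server-side after login, None if anonymous


class Forbidden(Exception):
    """Raised when the caller may not read the requested record."""


def view_vulnerable(req: Request) -> dict:
    # Only checks that the requested id exists; never asks who is asking.
    user_id = req.params.get("userId")
    if user_id in USERS:
        return USERS[user_id]
    raise Forbidden("unknown user")


def is_authorized(target_id: Optional[str], caller_id: Optional[str]) -> bool:
    # Deny by default: anonymous callers and unknown targets both fail.
    if caller_id is None or target_id not in USERS:
        return False
    return caller_id == target_id or caller_id in ADMINS


def view_secure(req: Request) -> dict:
    user_id = req.params.get("userId")
    # Caller identity comes from the session, never from the request parameters.
    if not is_authorized(user_id, req.session_user_id):
        # Same error for "not yours" and "does not exist" avoids id enumeration.
        raise Forbidden("access denied")
    return USERS[user_id]
```
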