Broken Access Control (OWASP A01)
Access control enforces policy such that users cannot act outside their intended permissions.
Skills
- IDOR - Insecure Direct Object Reference exploitation
- CSRF - Cross-Site Request Forgery attacks
- CORS Bypass - CORS misconfiguration exploitation
- Open Redirect - URL redirect manipulation
Quick Reference
| Attack | Risk | Detection |
|---|---|---|
| IDOR | High | Modify object IDs in requests |
| CSRF | Medium | Check for missing/weak tokens |
| CORS | Medium | Test Origin header reflection |
| Open Redirect | Low-Medium | Test redirect parameters |