Risk: Users can access functionality or data they are not authorized for. This includes privilege escalation, unauthorized resource access, and bypassing access controls.
Discover common authorization flaws, test IDORs and missing access checks, and implement strong, centralized authorization.
Exploit IDORs in a safe app, add missing checks, and validate fixes with tests and tooling.
Centralize authorization, minimize object references, and log access denials with context.
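The following added example (not code from this page or any project it describes) shows the three practices above in one small Python module: an IDOR-style handler that trusts a client-supplied id, the same handler routed through a single policy function that logs every denial with context, and per-user opaque handles as indirect object references. The invoice data, user names and roles are constructed for the example.

```python
import logging

log = logging.getLogger("authz")

# Constructed sample data for this example (not from the page).
INVOICES = {
    101: {"owner": "alice", "total": 42.0},
    102: {"owner": "bob", "total": 99.5},
}
ROLES = {"alice": "user", "bob": "user", "carol": "admin"}

class Forbidden(Exception):
    pass

def get_invoice_vulnerable(user, invoice_id):
    """IDOR: trusts the client-supplied id and never checks who owns it."""
    return INVOICES[invoice_id]

def can(user, resource):
    """The one place the policy lives: admins see all, users their own."""
    return ROLES.get(user) == "admin" or resource["owner"] == user

def authorize(user, action, resource):
    """Enforce the policy and log every denial with usable context."""
    if not can(user, resource):
        log.warning("authz denied user=%s role=%s action=%s owner=%s",
                    user, ROLES.get(user), action, resource["owner"])
        raise Forbidden(f"{user} may not {action} this resource")

def get_invoice(user, invoice_id):
    """Hardened handler: same lookup, routed through authorize()."""
    inv = INVOICES.get(invoice_id)
    if inv is None:
        raise KeyError(invoice_id)
    authorize(user, "read", inv)
    return inv

def invoice_handles(user):
    """Indirect references: opaque per-user handles instead of raw ids."""
    visible = [i for i, v in sorted(INVOICES.items()) if can(user, v)]
    return {f"h{n}": i for n, i in enumerate(visible)}

def get_invoice_by_handle(user, handle):
    """An unknown handle is a denial, not a lookup of another user's object."""
    invoice_id = invoice_handles(user).get(handle)
    if invoice_id is None:
        log.warning("authz denied user=%s action=read handle=%s", user, handle)
        raise Forbidden(f"{user}: unknown handle {handle}")
    return get_invoice(user, invoice_id)
```

The denial log lines carry the requesting user, role, action and resource owner, which is the context a detection rule or incident responder needs when correlating repeated denials across ids.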