Broken access control vulnerabilities occur when restrictions on what authenticated users are allowed to do are not properly enforced, potentially leading to unauthorized information access, modification, or destruction.
Broken Access Control Overview
Insecure Direct Object References (IDOR)
Missing Function Level Access Control
Horizontal Privilege Escalation
Vertical Privilege Escalation
Bypassing Access Controls
Improper Access Control in APIs
Forced Browsing
Path Traversal
Missing Authorization Checks
Broken Access Control in Single Page Applications
Broken Access Control Prevention Checklist