From the course: The OWASP API Security Top 10: An Overview
API1:2019 broken object level authorization
- [Instructor] So number one on the OWASP API Security Top 10 is broken object level authorization. OWASP explains that broken object level authorization occurs because, quote, "APIs tend to expose endpoints that handle object identifiers, creating a wide attack surface level access control issue. Object level authorization checks should be considered in every function that accesses a data source using input from the user." Okay, I know that sounds like a lot, but don't worry. We're going to make sure we break it down here. So first, broken object level authorization, or BOLA, is also known as insecure direct object references, or IDOR, which is a vulnerability that's found in web applications. BOLAs or IDORs are access control vulnerabilities that occur when user-supplied input is used to access other resources that they should not have access to regularly. For example, a user substitutes their user ID or token with one belonging…
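The pattern the instructor describes, as an added example that is not part of the course: a hypothetical `GET /orders/{order_id}` handler written twice, once with the BOLA flaw (the caller is authenticated, but the object they ask for is never checked against them) and once with an object level authorization check on every access, plus a small probe that plays the user who swaps in other people's IDs. The order store, the user IDs and the handler names are constructed for the example.

```python
# Added example, not part of the course: the BOLA/IDOR pattern the lesson
# describes, with a vulnerable handler, a hardened one, and a small probe
# that reports which foreign objects a handler leaks.
from dataclasses import dataclass
from typing import Callable, Iterable


class NotFound(Exception):
    """Raised for unknown orders and, in the fixed handler, for orders the caller does not own."""


@dataclass(frozen=True)
class Order:
    order_id: int
    owner_id: int
    items: tuple


# Constructed sample data: order 1001 belongs to user 1, order 1002 to user 2.
ORDERS = {
    1001: Order(order_id=1001, owner_id=1, items=("book",)),
    1002: Order(order_id=1002, owner_id=2, items=("laptop",)),
}


def get_order_vulnerable(session_user_id: int, order_id: int) -> Order:
    """Hypothetical GET /orders/{order_id} with the BOLA flaw.

    The caller is authenticated (session_user_id is known) but the handler
    never checks that the requested object belongs to them, so any
    logged-in user can read any order just by changing the ID.
    """
    try:
        return ORDERS[order_id]
    except KeyError:
        raise NotFound(order_id) from None


def get_order_fixed(session_user_id: int, order_id: int) -> Order:
    """Same endpoint with an object level authorization check.

    Ownership is checked on every access, using the identity from the
    session rather than anything the client supplied. "Missing" and
    "not yours" get the same error so the response does not confirm
    which IDs exist.
    """
    order = ORDERS.get(order_id)
    if order is None or order.owner_id != session_user_id:
        raise NotFound(order_id)
    return order


def probe_idor(handler: Callable[[int, int], Order],
               attacker_id: int, candidate_ids: Iterable[int]) -> list:
    """Play the user from the lesson who substitutes other people's IDs.

    Calls handler as attacker_id for each candidate ID and returns the IDs
    of orders that were served even though attacker_id does not own them.
    """
    leaked = []
    for oid in candidate_ids:
        try:
            order = handler(attacker_id, oid)
        except NotFound:
            continue
        if order.owner_id != attacker_id:
            leaked.append(oid)
    return leaked


if __name__ == "__main__":
    ids = range(1000, 1005)
    print("vulnerable handler leaks:", probe_idor(get_order_vulnerable, 1, ids))  # [1002]
    print("fixed handler leaks:     ", probe_idor(get_order_fixed, 1, ids))       # []
```

The check in `get_order_fixed` is the whole fix: it lives in the function that touches the data source, and it compares against the session's user, not a user ID from the request body or URL. Sequential IDs make the probe trivial, but switching to random identifiers would only slow it down; the ownership check is still required.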
Contents
API1:2019 broken object level authorization (3m 17s)
API2:2019 broken authentication (3m 9s)
API3:2019 excessive data exposure (3m 24s)
API4:2019 lack of resources and rate limiting (3m 56s)
API5:2019 broken function level authorization (3m 30s)
API6:2019 mass assignment (2m 18s)
API7:2019 security misconfigurations (2m 49s)
API8:2019 injection (2m 32s)
API9:2019 improper assets management (3m 2s)
API10:2019 insufficient logging and monitoring (2m 41s)