A01:2021 – Broken Access Control
GPTKB entity
Statements (19)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:OWASP_Top_10_vulnerability |
| gptkbp:affects | Web applications |
| gptkbp:category | Access control vulnerability |
| gptkbp:describes | Improper enforcement of user permissions |
| gptkbp:documentedIn | OWASP Top 10 2021 report |
| gptkbp:example | Privilege escalation, Force browsing, Insecure direct object references, URL tampering |
| gptkbp:mitigatedBy | Deny by default, Enforce least privilege, Log access control failures |
| gptkbp:partOf | OWASP Top 10:2021 |
| gptkbp:publishedIn | 2021 |
| gptkbp:rank | 1 |
| gptkbp:replacedBy | A5:2017 – Broken Access Control |
| gptkbp:bfsParent | gptkb:OWASP_Top_10 |
| gptkbp:bfsLayer | 7 |
| https://www.w3.org/2000/01/rdf-schema#label | A01:2021 – Broken Access Control |