A01:2021 – Broken Access Control

GPTKB entity

Statements (19)
Predicate Object
gptkbp:instanceOf gptkb:OWASP_Top_10_vulnerability
gptkbp:affects Web applications
gptkbp:category Access control vulnerability
gptkbp:describes Improper enforcement of user permissions
gptkbp:documentedIn OWASP Top 10 2021 report
gptkbp:example Privilege escalation
gptkbp:example Force browsing
gptkbp:example Insecure direct object references
gptkbp:example URL tampering
https://www.w3.org/2000/01/rdf-schema#label A01:2021 – Broken Access Control
gptkbp:mitigatedBy Deny by default
gptkbp:mitigatedBy Enforce least privilege
gptkbp:mitigatedBy Log access control failures
gptkbp:partOf OWASP Top 10:2021
gptkbp:publishedIn 2021
gptkbp:rank 1
gptkbp:replaces A5:2017 – Broken Access Control
gptkbp:bfsParent gptkb:OWASP_Top_10
gptkbp:bfsLayer 6
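Added worked example (not part of this GPTKB entry or of the OWASP Top 10 text it cites): the "insecure direct object reference" and "URL tampering" examples above beside a handler that applies the three listed mitigations (deny by default, least privilege, logging of access control failures). The users, document ids, ACL entries and the AUDIT_LOG list are constructed for illustration and are assumptions, not data from the page.

```python
"""Broken access control (IDOR) beside a deny-by-default replacement.

Constructed example: users, document ids, ACL grants and AUDIT_LOG are
illustrative assumptions, not taken from the GPTKB entry or OWASP.
"""
from dataclasses import dataclass
import logging

logging.basicConfig(level=logging.WARNING, format="%(levelname)s %(message)s")
log = logging.getLogger("access-control")

# Constructed sample data: two users' documents keyed by a guessable integer id,
# exactly the situation where tampering with ?doc=1002 in a URL is tempting.
DOCUMENTS = {
    1001: {"owner": "alice", "body": "alice's salary review"},
    1002: {"owner": "bob", "body": "bob's medical note"},
}

# Explicit grants (least privilege): a subject holds only the rights listed
# here; owners get read+write in is_permitted(). Anything else is denied.
ACL = {
    1001: {"carol": {"read"}},   # alice shared 1001 read-only with carol
}

# Denied requests are appended here (and logged) so failures are observable.
AUDIT_LOG: list[dict] = []


class AccessDenied(Exception):
    pass


def get_document_vulnerable(user: str, doc_id: int) -> dict:
    """Broken access control: the id from the request is trusted as-is.

    Any authenticated user who changes ?doc=1001 to ?doc=1002 reads bob's note.
    The `user` argument is accepted but never checked, which is the bug."""
    return DOCUMENTS[doc_id]


def is_permitted(user: str, doc_id: int, action: str) -> bool:
    """Deny by default: True only for an explicit, server-side grant."""
    doc = DOCUMENTS.get(doc_id)
    if doc is None:
        return False                      # unknown object: deny, leak nothing
    if doc["owner"] == user:
        return action in {"read", "write"}
    return action in ACL.get(doc_id, {}).get(user, set())


def get_document(user: str, doc_id: int, action: str = "read") -> dict:
    """Hardened handler: authorization check on every request, failures logged."""
    if not is_permitted(user, doc_id, action):
        event = {"user": user, "doc_id": doc_id, "action": action, "result": "denied"}
        AUDIT_LOG.append(event)
        log.warning("access denied: %s", event)
        # Same error for missing and forbidden ids, so ids cannot be enumerated.
        raise AccessDenied(f"{user} may not {action} document {doc_id}")
    return DOCUMENTS[doc_id]


def demo() -> dict:
    """Exercise both handlers and return the outcomes keyed by request."""
    results = {}
    # IDOR: the vulnerable handler hands alice bob's document.
    results["vulnerable_leak"] = get_document_vulnerable("alice", 1002)["owner"]
    # Hardened: owner and explicitly shared reads succeed, everything else fails.
    results["owner_read"] = get_document("alice", 1001)["owner"]
    results["shared_read"] = get_document("carol", 1001)["owner"]
    attempts = [("alice", 1002, "read"),     # another user's document
                ("carol", 1001, "write"),    # shared read-only, write attempted
                ("mallory", 9999, "read")]   # forced browsing to a guessed id
    for user, doc_id, action in attempts:
        try:
            get_document(user, doc_id, action)
            results[f"{user}-{doc_id}-{action}"] = "allowed"
        except AccessDenied:
            results[f"{user}-{doc_id}-{action}"] = "denied"
    return results


if __name__ == "__main__":
    print(demo())
```

The design point is that the hardened handler never consults the client for the decision: the object's owner and the ACL live server-side, an unlisted (user, object, action) triple is denied rather than allowed, and every denial produces a log record that a detection pipeline can alert on when one account starts walking through ids.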