Statements (40)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:Web_Security_Vulnerability |
| gptkbp:affects | APIs; Mobile Applications; Web Applications |
| gptkbp:category | A01:2021 in OWASP Top Ten |
| gptkbp:cause | gptkb:Privilege_Escalation; gptkb:Data_Breach; Unauthorized Access; Account Takeover |
| gptkbp:commonIn | Improper Authorization Checks; Insecure ID References; Missing Authentication; Unvalidated User Input |
| gptkbp:describedBy | gptkb:OWASP_Top_Ten |
| gptkbp:detects | Penetration Testing; Automated Scanning; Code Review |
| gptkbp:example | gptkb:Horizontal_Privilege_Escalation; gptkb:Vertical_Privilege_Escalation; Force Browsing; Insecure Direct Object Reference; Missing Function Level Access Control |
| gptkbp:firstAppearance | OWASP Top Ten 2004 |
| gptkbp:impact | Availability Loss; Confidentiality Loss; Integrity Loss |
| gptkbp:prevention | gptkb:Least_Privilege_Principle; Access Control Testing; Deny by Default; Enforce Server-Side Access Controls |
| gptkbp:relatedStandard | gptkb:CWE-284; gptkb:CWE-862; gptkb:CWE-863; CWE-285; CWE-639 |
| gptkbp:riskFactor | High |
| gptkbp:bfsParent | gptkb:OWASP_Top_10_vulnerabilities; gptkb:OWASP_Top_Ten |
| gptkbp:bfsLayer | 7 |
| https://www.w3.org/2000/01/rdf-schema#label | Broken Access Control |