Statements (39)
Predicate | Object |
---|---|
gptkbp:instanceOf | Web Security Vulnerability |
gptkbp:affects | APIs, Mobile Applications, Web Applications |
gptkbp:category | A01:2021 in OWASP Top Ten |
gptkbp:cause | gptkb:Privilege_Escalation, gptkb:Data_Breach, Unauthorized Access, Account Takeover |
gptkbp:commonIn | Improper Authorization Checks, Insecure ID References, Missing Authentication, Unvalidated User Input |
gptkbp:describedBy | gptkb:OWASP_Top_Ten |
gptkbp:detects | Penetration Testing, Automated Scanning, Code Review |
gptkbp:example | gptkb:Horizontal_Privilege_Escalation, gptkb:Vertical_Privilege_Escalation, Force Browsing, Insecure Direct Object Reference, Missing Function Level Access Control |
gptkbp:firstAppearance | OWASP Top Ten 2004 |
https://www.w3.org/2000/01/rdf-schema#label | Broken Access Control |
gptkbp:impact | Availability Loss, Confidentiality Loss, Integrity Loss |
gptkbp:prevention | gptkb:Least_Privilege_Principle, Access Control Testing, Deny by Default, Enforce Server-Side Access Controls |
gptkbp:relatedStandard | gptkb:CWE-284, gptkb:CWE-862, gptkb:CWE-863, CWE-285, CWE-639 |
gptkbp:riskFactor | High |
gptkbp:bfsParent | gptkb:OWASP_Top_Ten |
gptkbp:bfsLayer | 5 |