Broken Access Control

GPTKB entity

Statements (39)
Predicate                                          Object
gptkbp:instanceOf                                  Web Security Vulnerability
gptkbp:affects                                     APIs
                                                   Mobile Applications
                                                   Web Applications
gptkbp:category                                    A01:2021 in OWASP Top Ten
gptkbp:cause                                       gptkb:Privilege_Escalation
                                                   gptkb:Data_Breach
                                                   Unauthorized Access
                                                   Account Takeover
gptkbp:commonIn                                    Improper Authorization Checks
                                                   Insecure ID References
                                                   Missing Authentication
                                                   Unvalidated User Input
gptkbp:describedBy                                 gptkb:OWASP_Top_Ten
gptkbp:detects                                     Penetration Testing
                                                   Automated Scanning
                                                   Code Review
gptkbp:example                                     gptkb:Horizontal_Privilege_Escalation
                                                   gptkb:Vertical_Privilege_Escalation
                                                   Force Browsing
                                                   Insecure Direct Object Reference
                                                   Missing Function Level Access Control
gptkbp:firstAppearance                             OWASP Top Ten 2004
https://www.w3.org/2000/01/rdf-schema#label        Broken Access Control
gptkbp:impact                                      Availability Loss
                                                   Confidentiality Loss
                                                   Integrity Loss
gptkbp:prevention                                  gptkb:Least_Privilege_Principle
                                                   Access Control Testing
                                                   Deny by Default
                                                   Enforce Server-Side Access Controls
gptkbp:relatedStandard                             gptkb:CWE-284
                                                   gptkb:CWE-862
                                                   gptkb:CWE-863
                                                   CWE-285
                                                   CWE-639
gptkbp:riskFactor                                  High
gptkbp:bfsParent                                   gptkb:OWASP_Top_Ten
gptkbp:bfsLayer                                    5