Broken Object Property Level Authorization

GPTKB entity

Statements (21)
| Predicate | Object |
| --- | --- |
| gptkbp:instanceOf | web application vulnerability |
| gptkbp:affects | APIs |
| gptkbp:alsoKnownAs | BOPLA |
| gptkbp:category | gptkb:security |
| gptkbp:cause | data manipulation |
| | privilege escalation |
| | data leakage |
| gptkbp:describedBy | gptkb:OWASP_API_Security_Top_10 |
| gptkbp:example | user can update fields they should not have access to |
| gptkbp:firstDescribed | 2023 |
| https://www.w3.org/2000/01/rdf-schema#label | Broken Object Property Level Authorization |
| gptkbp:mitigatedBy | test API endpoints for property-level access |
| | use attribute-based access control |
| | use object-level authorization |
| gptkbp:prevention | enforce least privilege |
| | implement proper authorization checks |
| | validate user permissions for each property |
| gptkbp:relatedTo | gptkb:Broken_Object_Level_Authorization |
| gptkbp:riskFactor | unauthorized access to sensitive data |
| gptkbp:bfsParent | gptkb:OWASP_API_Security_Top_10 |
| gptkbp:bfsLayer | 7 |