Broken Object Property Level Authorization
GPTKB entity
Statements (21)
Predicate | Object |
---|---|
gptkbp:instanceOf | web application vulnerability |
gptkbp:affects | APIs |
gptkbp:alsoKnownAs | BOPLA |
gptkbp:category | gptkb:security |
gptkbp:cause | data manipulation; privilege escalation; data leakage |
gptkbp:describedBy | gptkb:OWASP_API_Security_Top_10 |
gptkbp:example | user can update fields they should not have access to |
gptkbp:firstDescribed | 2023 |
https://www.w3.org/2000/01/rdf-schema#label | Broken Object Property Level Authorization |
gptkbp:mitigatedBy | test API endpoints for property-level access; use attribute-based access control; use object-level authorization |
gptkbp:prevention | enforce least privilege; implement proper authorization checks; validate user permissions for each property |
gptkbp:relatedTo | gptkb:Broken_Object_Level_Authorization |
gptkbp:riskFactor | unauthorized access to sensitive data |
gptkbp:bfsParent | gptkb:OWASP_API_Security_Top_10 |
gptkbp:bfsLayer | 7 |