Broken Object Property Level Authorization
GPTKB entity
Statements (21)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:web_application_vulnerability |
| gptkbp:affects | APIs |
| gptkbp:alsoKnownAs | BOPLA |
| gptkbp:category | gptkb:security |
| gptkbp:cause | data manipulation; privilege escalation; data leakage |
| gptkbp:describedBy | gptkb:OWASP_API_Security_Top_10 |
| gptkbp:example | user can update fields they should not have access to |
| gptkbp:firstDescribed | 2023 |
| gptkbp:mitigatedBy | test API endpoints for property-level access; use attribute-based access control; use object-level authorization |
| gptkbp:prevention | enforce least privilege; implement proper authorization checks; validate user permissions for each property |
| gptkbp:relatedTo | gptkb:Broken_Object_Level_Authorization |
| gptkbp:riskFactor | unauthorized access to sensitive data |
| gptkbp:bfsParent | gptkb:OWASP_API_Security_Top_10 |
| gptkbp:bfsLayer | 7 |
| https://www.w3.org/2000/01/rdf-schema#label | Broken Object Property Level Authorization |