From the course: The OWASP API 2023 Top 10: An Overview
API5:2023 Broken Function-Level Authorization
- Holding onto the fifth spot in the new OWASP API Security Top 10 is Broken Function-Level Authorization. OWASP describes this vulnerability as, "Complex access control policies with different hierarchies, groups, and roles, and an unclear separation between administrative and regular functions, tend to lead to authorization flaws. By exploiting these issues, attackers gain access to other users' resources and/or administrative functions." So before we get into it, let's start with a recap of the previously mentioned Broken Object-Level Authorization, or BOLA, vulnerability. These occur when resources can be accessed without the proper authorization checks, leaving them unprotected. Broken Function-Level Authorization is similar to BOLA but targets the functions of an equal or higher privilege. Think of BFLA as the annoying friend or family member of BOLA that always pretends to be in charge. That's the different…
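As an added illustration that is not part of the course material, the dispatcher below contrasts the failure the transcript describes (only "is the caller logged in?" is checked before an administrative function runs) with a deny-by-default policy that is checked per function and per HTTP method. The routes, roles and policy table are constructed for this example.

```python
# Added example (not from the course): function-level authorization as a
# deny-by-default policy consulted before any handler is dispatched.
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    user_id: int
    role: str  # constructed roles for the example: "user" or "admin"


# Constructed policy: every exposed function is listed with the roles allowed
# to call it. Keying on (method, path) matters because BFLA often shows up as
# GET being allowed while DELETE/POST on the same path is never re-checked.
FUNCTION_POLICY = {
    ("GET", "/api/profile"): {"user", "admin"},
    ("DELETE", "/api/users"): {"admin"},      # administrative function
    ("POST", "/api/users/role"): {"admin"},   # privilege change
}


def vulnerable_dispatch(user, method, path):
    """BFLA pattern: authentication is verified, but not whether this
    caller's role may invoke this particular function."""
    if user is None:
        return 401
    return 200 if (method, path) in FUNCTION_POLICY else 404


def secure_dispatch(user, method, path):
    """Authenticate, then enforce the per-function role policy.
    Anything not explicitly listed is denied rather than silently allowed."""
    if user is None:
        return 401
    allowed_roles = FUNCTION_POLICY.get((method, path))
    if allowed_roles is None:
        return 404  # unregistered function: deny by default
    if user.role not in allowed_roles:
        # A 403 here is worth logging: a regular account repeatedly hitting
        # admin-only functions is a practical detection signal for BFLA probing.
        return 403
    return 200
```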
Contents
- API1:2023 Broken Object-Level Authorization (3m 39s)
- API2:2023 Broken Authentication (2m 54s)
- API3:2023 Broken Object-Property-Level Authorization (3m 46s)
- API4:2023 Unrestricted Resource Consumption (3m 9s)
- API5:2023 Broken Function-Level Authorization (3m 8s)
- API6:2023 Unrestricted Access to Sensitive Business Flows (2m 54s)
- API7:2023 Server-Side Request Forgery (2m 11s)
- API8:2023 Security Misconfigurations (3m 40s)
- API9:2023 Improper Inventory Management (3m 5s)
- API10:2023 Unsafe Consumption of APIs (3m 33s)