OWASP Top 10 -Broken Access Control

  • Formerly Broken Authentication and Session Management
  • Stealing of accounts and disguising as other users by insiders.
  • Flaws in log-outs, password management, time-outs, Remember Me functionality etc.

Solutions

  • Deny Access by Default (except for public data)
  • Action Group Assignment

What's on your mind?

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.