OWASP Top 10 — explained with examples

DevNest
9 min read · Mar 4, 2023

In this article I’m going to discuss one of the most important topics in web application security: the OWASP Top 10.

First of all you should know that OWASP is a non-profit organization dedicated to improving the security of software.

The OWASP Top 10 is a regularly updated list of the most critical security risks to web applications, based on data from real-world attacks and vulnerabilities; it was last updated in 2021.

Let’s explore what the OWASP Top 10 is, why it matters and how you can use it to better protect your applications from cyber threats.

A01:2021 - Broken Access Control

What is it?

In order to understand what broken access control is, first we need to understand what access control is.

Access control exists in a web application so that users can reach only the parts they are authorized to. For instance, it should prevent one user from accessing another user’s sensitive data.

That being said, broken access control is when a user can perform requests, or reach data, that they were never authorized for.

In the example below, John can access Richard’s data.

How to prevent

  • Deny access by default to all…
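The John-and-Richard scenario above, together with the “deny by default” rule, as an added example that is not the article’s own code: a handler that trusts the record id in the request (an insecure direct object reference) beside a version that denies access unless the requester owns the record or is an admin. The users, profiles and role names are constructed sample data.

```python
# Added example (not from the original article): broken access control
# in the vulnerable handler, and a deny-by-default check in the fixed one.
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the requester may not see the requested record."""


@dataclass(frozen=True)
class User:
    user_id: int
    name: str
    role: str  # "user" or "admin" (constructed roles)


# Constructed sample data: John and Richard are two ordinary users.
USERS = {
    1: User(1, "John", "user"),
    2: User(2, "Richard", "user"),
    3: User(3, "Alice", "admin"),
}
PROFILES = {
    1: {"email": "john@example.test", "ssn_last4": "1111"},
    2: {"email": "richard@example.test", "ssn_last4": "2222"},
}


def get_profile_vulnerable(requester: User, profile_id: int) -> dict:
    """Broken access control: the id from the request is used as-is and is
    never compared with the logged-in user, so John can read Richard's data."""
    return PROFILES[profile_id]


def get_profile_fixed(requester: User, profile_id: int) -> dict:
    """Deny by default: only the record owner or an admin may read a profile."""
    is_owner = requester.user_id == profile_id
    is_admin = requester.role == "admin"
    # Missing and forbidden records get the same response, so the id space
    # cannot be probed to learn which records exist.
    if profile_id not in PROFILES or not (is_owner or is_admin):
        raise Forbidden(f"user {requester.user_id} may not read profile {profile_id}")
    return PROFILES[profile_id]


def can_read(requester: User, profile_id: int) -> bool:
    """True if the hardened check allows this access (handy for audit logs/tests)."""
    try:
        get_profile_fixed(requester, profile_id)
        return True
    except Forbidden:
        return False
```

Run as a script, `get_profile_vulnerable(USERS[1], 2)` returns Richard’s record to John, while `can_read(USERS[1], 2)` is False and `can_read(USERS[3], 2)` is True because Alice is an admin.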
