Missing Function-Level Access Controls in Your Code
Secure Your Node.js Web Application — by Karl Düüna (46 / 78)
The most common mistake people make when implementing access control is misplacing or poorly implementing validation in the code. That means you don’t have access control right before the action that requires it. In this situation, attackers can circumvent access control by figuring out how the application handles the access checks.