The Synopsys Software Integrity Group is now Black Duck®. Learn More

close search bar

Sorry, not available in this language yet

close language selection

OWASP Top 10: Broken access control

Cybersecurity Research Center

Jan 19, 2023 / 1 min read

Access control ensures that people can only gain access to things they’re supposed to have access to. When access control is broken, an attacker can obtain unauthorized access to information or systems that can put an organization at risk of a data breach or system compromise.

In 2021, the OWASP Top 10 list moved broken access control from the fifth position to first on the list of top vulnerabilities in web applications. According to OWASP, 94% of applications were found to have some form of broken access control, with the average incidence rate of 3.81%.

In this video, Jonathan Knudsen, head of global research at the Cybersecurity Research Center, shows an example of broken access control in an insecure bank application. This example uses a classic vulnerability, insecure direct object reference. You can check out the source code here.

Continue Reading

Explore Topics