Broken access control flaws enable attackers to perform actions as trusted users or administrators. In this video, learn how to test for broken access control flaws.
- [Instructor] The fifth set of risks in the OWASP top 10 list are broken access control flaws. You learned about broken authentication earlier, on keeping unauthorized users out of the application, but you'll also need to make sure that the application enforces the right security on users after they successfully log in. An authenticated user should only have access to their account. If access controls aren't properly enforced though, an attacker could potentially have access to functions and data that belong to another user. While automated tools might be able to detect whether access controls are missing, you really need to rely on manual testing to make sure that access controls are properly aligned with business rules. The lack of automated detection is one of the reasons it's so easy for broken access controls to slip into an application. Automated scanners have no way of knowing whether or not Dan in accounting should have access to the self service password reset page.
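As an added illustration of the point above (example code, not from the course), here is a minimal account lookup with an access-control flaw beside its hardened form, plus the kind of check a manual tester performs: write the business rule down first, then compare every user/resource decision the handler makes against it. The users, accounts and roles are constructed sample data.

```python
from dataclasses import dataclass

# Constructed sample data: two accounts belonging to two different users.
ACCOUNTS = {
    101: {"owner": "alice", "balance": 250},
    102: {"owner": "bob", "balance": 900},
}

@dataclass(frozen=True)
class Session:
    user: str
    role: str  # "user" or "admin"

class Forbidden(Exception):
    pass

def get_account_vulnerable(session: Session, account_id: int) -> dict:
    """Checks only that a session exists: any logged-in user can read any
    account just by changing the id (broken access control)."""
    return ACCOUNTS[account_id]

def get_account_secure(session: Session, account_id: int) -> dict:
    """Authorization decided server-side from the record's owner and the
    session's role, never from anything the client supplied."""
    account = ACCOUNTS[account_id]
    if session.role != "admin" and account["owner"] != session.user:
        raise Forbidden(f"{session.user} may not read account {account_id}")
    return account

def allowed_by_policy(session: Session, account_id: int) -> bool:
    """The business rule written down before testing: a user reads only
    their own account, an admin reads any account."""
    return session.role == "admin" or ACCOUNTS[account_id]["owner"] == session.user

def find_access_control_gaps(handler) -> list:
    """Exercise every (session, account) pair and report each case where the
    handler's decision disagrees with the policy: (user, account_id, granted).
    An empty list means the handler matches the business rule."""
    sessions = [Session("alice", "user"), Session("bob", "user"), Session("carol", "admin")]
    gaps = []
    for session in sessions:
        for account_id in ACCOUNTS:
            try:
                handler(session, account_id)
                granted = True
            except Forbidden:
                granted = False
            if granted != allowed_by_policy(session, account_id):
                gaps.append((session.user, account_id, granted))
    return gaps
```

Running `find_access_control_gaps` against each handler shows the vulnerable version granting each regular user the other user's account while the hardened version reports no gaps; the same matrix approach scales to any role/resource policy the scanner cannot infer on its own.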