Broken Authorization (also known as Broken Access Control or Privilege Escalation) is a term for a family of flaws that arise from the ineffective implementation of the authorization controls that assign access privileges to users.
When authorization is properly designed and implemented, access to each piece of content and each function is granted or denied per user, according to that user's designated role and the privileges attached to it.
In a web application, for example, authorization depends on authentication and session management: the application must first establish who the user is before it can decide what that user may do.
| OWASP Top 10 Application Security Risks - 2021 | Reference |
|---|---|
| A01:2021 – Broken Access Control | OWASP |
Vulnerabilities of this type can affect any modern software, including web applications, databases, operating systems, and any other technological infrastructure that relies on authorization controls.
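As an added illustration (not part of the original entry), the following Python sketch contrasts a handler that stops at authentication with handlers that make the per-object and per-role decision described above; the users, documents, and session shape are constructed for the example.

```python
# Constructed sample data: users with roles, and documents that each have an owner.
USERS = {"alice": {"role": "user"}, "bob": {"role": "user"}, "carol": {"role": "admin"}}
DOCUMENTS = {
    1: {"owner": "alice", "body": "alice's report"},
    2: {"owner": "bob", "body": "bob's report"},
}

class Forbidden(Exception):
    """Raised when a request is refused; the caller gets no further detail."""

def authenticate(session):
    """Authentication only: map the session to a known user, or refuse."""
    user = session.get("user")
    if user not in USERS:
        raise Forbidden("not authenticated")
    return user

def get_document_broken(session, doc_id):
    """Broken access control: the caller is authenticated, but nobody checks
    whether this caller may read this particular document."""
    authenticate(session)
    return DOCUMENTS[doc_id]["body"]

def get_document_fixed(session, doc_id):
    """Fixed: the decision is made per object and per role, deny by default.
    A missing document is refused the same way, so the response does not
    reveal which identifiers exist."""
    user = authenticate(session)
    doc = DOCUMENTS.get(doc_id)
    if doc is None or (doc["owner"] != user and USERS[user]["role"] != "admin"):
        raise Forbidden(f"{user} may not read document {doc_id}")
    return doc["body"]

def delete_document_fixed(session, doc_id):
    """Function-level check: deleting is an admin-only action."""
    user = authenticate(session)
    if USERS[user]["role"] != "admin" or doc_id not in DOCUMENTS:
        raise Forbidden(f"{user} may not delete document {doc_id}")
    del DOCUMENTS[doc_id]
    return True

def allowed(handler, session, doc_id):
    """Return True if the handler grants the request, False if it refuses."""
    try:
        handler(session, doc_id)
        return True
    except Forbidden:
        return False
```

The broken handler lets any authenticated user read any document, which is exactly the A01 pattern; the fixed handlers refuse unless the role or ownership check passes.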
Francesco Ongaro