RedTeam
3.Web-Hacking
3.Business-Logic
Access-Control-Vulnerabilities
Notes
1.what Is Access Control

What is Access Control

Access control (or authorization) is the application of constraints on who (or what) can perform attempted actions or access resources that they have requested. In the context of web applications, access control is dependent on authentication and session management:

  • Authentication identifies the user and confirms that they are who they say they are. [[1 - What is Authentification Vulnerability]] (All Auth info is in the other folder)
  • Session management identifies which subsequent HTTP requests are being made by that same user.
  • Access control determines whether the user is allowed to carry out the action that they are attempting to perform.

Broken access controls are a commonly encountered and often critical security vulnerability. Design and management of access controls is a complex and dynamic problem that applies business, organizational, and legal constraints to a technical implementation. Access control design decisions have to be made by humans, not technology, and the potential for errors is high.