Lesson 10: Broken Access Control
Aayush-C
Broken Access Control is a vulnerability that occurs when an application does not enforce the privileges or roles that decide which users may access which resources. In this video we see how broken access control is taken advantage of, how to protect yourself against it, and we finish with a short test to check what we have learned.
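The following is an added example and is not code from the lesson or from any of the linked articles. It shows a minimal ticket lookup that is authenticated but never authorized (the vulnerability described above), next to a fixed version that enforces ownership and a role check server-side; the User/Ticket types, roles and sample tickets are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    user_id: int
    role: str  # constructed roles: "agent" or "customer"

@dataclass(frozen=True)
class Ticket:
    ticket_id: int
    owner_id: int
    body: str

# Constructed sample data standing in for a database table.
TICKETS = {
    1: Ticket(1, owner_id=100, body="Password reset for alice"),
    2: Ticket(2, owner_id=200, body="Invoice dispute from bob"),
}

class Forbidden(Exception):
    """Caller is authenticated but not allowed to perform this action."""

def get_ticket_vulnerable(user: User, ticket_id: int) -> Ticket:
    # Broken access control: we know who `user` is, but nothing checks
    # whether that user may read this ticket. Any logged-in customer who
    # changes the id in the request reads another customer's ticket.
    return TICKETS[ticket_id]

def can_read(user: User, ticket: Ticket) -> bool:
    # Object-level rule: agents may read any ticket, customers only their own.
    return user.role == "agent" or ticket.owner_id == user.user_id

def can_close(user: User) -> bool:
    # Function-level rule: closing is an agent action regardless of ownership.
    return user.role == "agent"

def get_ticket_fixed(user: User, ticket_id: int) -> Ticket:
    # Deny by default. The decision uses the server-side session identity and
    # role, never anything the client supplies besides the ticket id.
    ticket = TICKETS.get(ticket_id)
    if ticket is None or not can_read(user, ticket):
        # Same error for "missing" and "not yours" so ids cannot be probed.
        raise Forbidden(f"user {user.user_id} may not read ticket {ticket_id}")
    return ticket

def close_ticket_fixed(user: User, ticket_id: int) -> Ticket:
    if not can_close(user):
        raise Forbidden("only agents may close tickets")
    t = get_ticket_fixed(user, ticket_id)
    return Ticket(t.ticket_id, t.owner_id, t.body + " [closed]")
```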
Links in the video:

Missing Function Level Access Control Vulnerabilities in Maian Support Helpdesk Allow Complete Take Over of the System - https://www.netsparker.com/blog/web-security/missing-function-level-access-control-vulnerability-maian-support-helpdesk/?utm_source=hacksplaining&utm_medium=post&utm_campaign=articlelink

Access Control in Unix - https://www.cs.purdue.edu/homes/ninghui/courses/426_Fall10/handouts/426_Fall10_lect09.pdf

AWS Identity and Access Management (an example of a very granular, policy-based access control system that covers all of the Amazon Web Services offerings) - https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html

Testing for Authorization - https://wiki.owasp.org/index.php/Testing_for_Authorization