WELCOME ALL
PRESENTED BY:
SAUMYA MUTALIK
CHAITANYA OZA
PRIYANSHU GANDHI
TOPIC: BROKEN ACCESS CONTROL
Broken Access Control
What is access control?
In the context of web applications, access control is dependent on authentication and session management:
What is broken access control?
Broken access controls are a commonly encountered and often critical security vulnerability. Design and management of access controls is a complex and dynamic problem that applies business, organizational, and legal constraints to a technical implementation.
BROKEN ACCESS CONTROL EXAMPLES
Example #1: The application uses unverified data
Example #2: An attacker simply force browses to target URLs
Secure your web application
Why is Broken Access Control important?
How to secure Broken Access Control?
Forced Browsing Past Access Control Checks
Insecure IDs
Path Traversal
File Permissions
Client Side Caching
The policy should document what types of users can access the system, and what functions and content each of these types of users should be allowed to access.
The access control mechanism should be extensively tested to be sure that there is no way to bypass it.
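The two slide examples (unverified data selecting a record, and forced browsing to a URL) and the path traversal item from the list above can be shown as a vulnerable handler beside its hardened form. The following is an added illustration, not code from the presentation; the account table, user roles, URL policy and helper names are all constructed for the example, and no web framework is involved.

```python
"""Added example: three broken-access-control patterns from the slides
(unverified data / insecure IDs, forced browsing, path traversal), each shown
as a vulnerable function next to a hardened one. All data is constructed."""
from pathlib import Path

# Constructed sample data: accounts keyed by id, each with an owner.
ACCOUNTS = {
    101: {"owner": "alice", "balance": 500},
    102: {"owner": "bob", "balance": 1200},
}
USERS = {"alice": {"role": "user"}, "bob": {"role": "user"}, "carol": {"role": "admin"}}

# Central policy table: which roles may reach which URL prefixes.
# This is the written policy the slides ask for, expressed as data.
URL_POLICY = {"/admin/": {"admin"}, "/account/": {"user", "admin"}}


class Forbidden(Exception):
    """Raised when a check in the hardened code denies the request."""


# --- Example #1 / insecure IDs: unverified request data selects the record ---
def get_account_vulnerable(session_user, account_id):
    # Trusts the id straight from the request; any logged-in user reads any account.
    return ACCOUNTS[account_id]


def get_account_hardened(session_user, account_id):
    # Object-level check: the record must belong to the session user, or the user is an admin.
    record = ACCOUNTS.get(account_id)
    if record is None:
        raise KeyError(account_id)
    if record["owner"] != session_user and USERS[session_user]["role"] != "admin":
        raise Forbidden(f"{session_user} may not read account {account_id}")
    return record


# --- Example #2 / forced browsing: the URL is requested directly ---
def dispatch_vulnerable(session_user, url):
    # Relies on the admin link being hidden from the menu; the URL itself is never checked.
    return f"served {url} to {session_user}"


def is_url_allowed(session_user, url):
    # Server-side check on every request, driven by the policy table.
    role = USERS[session_user]["role"]
    for prefix, roles in URL_POLICY.items():
        if url.startswith(prefix):
            return role in roles
    return False  # deny by default: URLs missing from the policy are not served


def dispatch_hardened(session_user, url):
    if not is_url_allowed(session_user, url):
        raise Forbidden(f"{session_user} may not browse to {url}")
    return f"served {url} to {session_user}"


# --- Path traversal: a file name from the request is joined onto a base directory ---
def resolve_download(base_dir, requested_name):
    # Resolve the full path, then confirm it still lies inside base_dir.
    base = Path(base_dir).resolve()
    target = (base / requested_name).resolve()
    if base not in target.parents:
        raise Forbidden(f"{requested_name!r} escapes {base_dir}")
    return target


def denied(fn, *args):
    """True if the call is refused by an access-control check (used to demonstrate the checks)."""
    try:
        fn(*args)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    # The vulnerable versions hand alice another user's account and the admin page.
    print(get_account_vulnerable("alice", 102)["owner"])          # bob
    print(dispatch_vulnerable("alice", "/admin/users"))           # served
    # The hardened versions refuse both, while legitimate requests still succeed.
    print(denied(get_account_hardened, "alice", 102))             # True
    print(denied(dispatch_hardened, "alice", "/admin/users"))     # True
    print(get_account_hardened("alice", 101)["balance"])          # 500
    print(denied(resolve_download, "/srv/files", "../../etc/passwd"))  # True
```

The point to take from the hardened versions is that each check runs on the server for every request, with the policy in one table rather than scattered across pages, and with "not in the policy" meaning "denied"; testing the mechanism, as the slide recommends, then means exercising every entry in that table with a user who should be refused.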
Is everything clear so far?
Feel free to make this an open discussion for questions or clarifications before proceeding.
Thank you for joining today's class.
Use this space for announcements, homeworks, or ways
students can approach you if ever they have questions.