Access Control
Main Ideas
What is Access Control?
Types of Access Control
Vertical Privilege Escalation
Unprotected Functionality
Parameter-Based Access Control Methods
Broken Access Control Resulting from Platform Misconfiguration
Broken Access Control Resulting from URL-Matching Discrepancies
Horizontal Privilege Escalation
Main Fixes
Horizontal to Vertical Privilege Escalation
Insecure Direct Object References (IDOR)
IDOR: Extra Ideas
Access Control Vulnerabilities in Multi-Step Processes
Referer-Based Access Control
Location-Based Access Control
How to Prevent Access Control Vulnerabilities