Lesson 09 - OWASP Top 10 2017 - A5:2017-Broken Access Control

AppSec Starter is a basic application security awareness training used when onboarding new developers. It is not intended to cover advanced or hands-on topics. Conviso also has customized training and practical training platforms.

Training recorded by Nicolas Schmaltz. Copyright reserved to Conviso Application Security S/A.

Lesson 9 Contents:

Restrictions on what authenticated users are allowed to do are not always correctly checked. Attackers can abuse these flaws to reach features or data for which they are not authorized, such as accessing data from other user accounts, viewing sensitive files, modifying other users' data, and changing access permissions, among others.
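
The flaw described above, shown beside a checked version. This is an added example, not material from the lesson; the in-memory `DOCUMENTS` and `ROLES` stores, the user names and all function names are constructed for illustration.

```python
class AccessDenied(Exception):
    pass

# Constructed sample data: document id -> (owner, content); user -> role.
DOCUMENTS = {1: ("alice", "alice's payslip"), 2: ("bob", "bob's payslip")}
ROLES = {"alice": "user", "bob": "user", "carol": "admin"}

def read_document_unchecked(username, doc_id):
    """Flawed: confirms the caller is logged in, never checks ownership."""
    if username not in ROLES:
        raise AccessDenied("login required")
    return DOCUMENTS[doc_id][1]

def read_document(username, doc_id):
    """Checked: deny by default; allow only the owner or an admin."""
    if username not in ROLES:
        raise AccessDenied("login required")
    record = DOCUMENTS.get(doc_id)
    is_admin = ROLES[username] == "admin"  # role looked up server-side
    if record is None or (record[0] != username and not is_admin):
        # Same error for "missing" and "not yours" so ids cannot be probed.
        raise AccessDenied("not found or not permitted")
    return record[1]

def set_role(username, target, new_role):
    """Changing permissions is itself a privileged action: admin only."""
    if ROLES.get(username) != "admin":
        raise AccessDenied("admin role required")
    if target not in ROLES or new_role not in ("user", "admin"):
        raise ValueError("unknown user or role")
    ROLES[target] = new_role
    return ROLES[target]

def is_denied(func, *args):
    """Return True if the call was refused with AccessDenied."""
    try:
        func(*args)
    except AccessDenied:
        return True
    return False

if __name__ == "__main__":
    # alice is authenticated but does not own document 2.
    print("unchecked:", read_document_unchecked("alice", 2))
    print("checked denies alice:", is_denied(read_document, "alice", 2))
    print("alice cannot self-promote:", is_denied(set_role, "alice", "alice", "admin"))
```

The authorization decision is made on the server for every request, using the session's identity and the record's owner, rather than trusting that a logged-in user will only ask for their own ids.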