Login
To avoid incidents of broken access control, it is essential to choose and stick to one access control model for your application throughout development and to continuously test it to ensure few points of failure. The four standard access control models include Mandatory Access Control (MAC), Role-Based Access Control (RBAC), Discretionary Access Control (DAC), and Rule-Based Access Control (RBAC or RB-RBAC). Each model has positives and negatives and must be selected carefully for your system design and purpose.
EXAMPLE OF AN ATTACK.
Partially checking access controls (black-list mode) is risky. In case the developer adds some other pages but forgets to update the access control logic, there could be a viable breach where users without proper access rights could still visit those pages and perform malicious actions.
Previous OWASP article: OWASP #4 XML EXTERNAL ENTITIES (XXE)
Click here to learn more about the OWASP Top Ten, and how Xcalscan can help you identify and resolve them.
You might be interested in
Empowering Customers the Xcalibyte Way – An Interview with Gavin Bu
14 Oct 2021 | By Gavin Bu
From smart-locks at homes to self-driving vehicles on the road, new technologies such as artificial intelligence, blockchain, and 5G continue to promote the...
read the story
The Customer First Philosophy!
14 Sep 2021 | By Yanwen Lu
Yanwen Lu, Product Manager at Xcalibyte, shares her insights for how we have had to tailor our technical capabilities for very specific client requirements...
read the story