Blog

OWASP #5 Broken Access Control

2021-10-19 | By Jason Lu

To avoid incidents of broken access control, it is essential to choose and stick to one access control model for your application throughout development and to continuously test it to ensure few points of failure. The four standard access control models include Mandatory Access Control (MAC), Role-Based Access Control (RBAC), Discretionary Access Control (DAC), and Rule-Based Access Control (RBAC or RB-RBAC). Each model has positives and negatives and must be selected carefully for your system design and purpose.

EXAMPLE OF AN ATTACK.

Partially checking access controls (black-list mode) is risky. In case the developer adds some other pages but forgets to update the access control logic, there could be a viable breach where users without proper access rights could still visit those pages and perform malicious actions.

Previous OWASP article: OWASP #4 XML EXTERNAL ENTITIES (XXE)

Click here to learn more about the OWASP Top Ten, and how Xcalscan can help you identify and resolve them.

You might be interested in

seL4 Summit 2022 Recap

2022-11-01 | By Yuning Liang

As seL4 moves onto automotive applications, having industry standards will be a big step forward for mass adoption. Iso 26262 ASIL-D is well known...

read the story

Empowering Customers the Xcalibyte Way – An Interview with Gavin Bu

2021-10-14 | By Gavin Bu

From smart-locks at homes to self-driving vehicles on the road, new technologies such as artificial intelligence, blockchain, and 5G continue to promote the...

read the story

通过使用我们的网站,表明您已经阅读并理解我们的Cookie政策及隐私政策