OWASP Periodic Table of Vulnerabilities - Insufficient Authentication/Authorization


Root Cause Summary
Incorrect verification of identity and permissions can result in an attacker accessing sensitive data or functionality without being properly authenticated and/or authorized to do so.

Browser / Standards Solution
None

Perimeter Solution
Whenever possible, apply server-side Access Control Lists to those sections of sensitive data that shouldn't be publicly accessible.

Generic Framework Solution
Use an authentication framework.

Custom Framework Solution
Apply least-privilege principle to all transactions, requiring authentication and authorization where applicable.
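
The following example is added here to illustrate the Perimeter and Custom Framework solutions above; it is not code from the OWASP page. It contrasts a handler that trusts a client-supplied record id with one that enforces authentication and a deny-by-default, server-side ACL per record. The record store, `Principal` type and role names are constructed for the illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: each record has an owner and the roles allowed to read it.
RECORDS = {
    101: {"owner": "alice", "read_roles": {"admin"}, "body": "alice's invoice"},
    102: {"owner": "bob", "read_roles": {"admin", "auditor"}, "body": "bob's invoice"},
}

@dataclass(frozen=True)
class Principal:
    """An authenticated caller (assumed type); None stands for an anonymous request."""
    name: str
    roles: frozenset = field(default_factory=frozenset)

class AccessDenied(Exception):
    pass

def fetch_record_insecure(record_id):
    """Vulnerable pattern: never asks who is calling, so any caller, even an
    anonymous one, can read any record just by supplying its id."""
    return RECORDS[record_id]["body"]

def is_authorized(principal, record):
    """Server-side ACL decision: deny by default, allow only the record's owner
    or a principal holding at least one of the record's read roles."""
    if principal is None:
        return False
    if principal.name == record["owner"]:
        return True
    return bool(principal.roles & record["read_roles"])

def fetch_record(principal, record_id):
    """Hardened handler: require authentication first, then an explicit
    authorization decision for this specific record (least privilege)."""
    if principal is None:
        raise AccessDenied("authentication required")
    record = RECORDS.get(record_id)
    if record is None or not is_authorized(principal, record):
        # One response for both "missing" and "forbidden" so the handler does
        # not reveal which ids exist to callers who may not read them.
        raise AccessDenied("not permitted")
    return record["body"]
```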

Custom Code Solution
None

Discussion / Controversy
