OWASP Periodic Table of Vulnerabilities - Insufficient Authentication/Authorization
Root Cause Summary
Incorrect verification of identity and permissions can result in an attacker accessing sensitive data or functionality without being properly authenticated and/or authorized to do so.
Browser / Standards Solution
Whenever possible, apply server-side Access Control Lists to those sections of sensitive data that shouldn't be publicly accessible.
Generic Framework Solution
Use an authentication framework.
Custom Framework Solution
Apply the least-privilege principle to all transactions, requiring authentication and authorization where applicable.
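The server-side ACL and least-privilege checks described above, sketched as an added example that is not part of the original OWASP page. The sections, roles, `Session` type and `authorize` function are hypothetical, and the session is assumed to come from an authentication framework rather than from client-supplied data.

```python
# Added illustration: deny-by-default, server-side access control.
# Sections, roles and all names below are hypothetical.
from dataclasses import dataclass
from typing import Optional

PUBLIC = "*"  # marker for resources that need no authentication

# (HTTP method, first path segment) -> roles allowed. Unlisted pairs are denied.
ACL = {
    ("GET", "public"): {PUBLIC},
    ("GET", "accounts"): {"user", "admin"},
    ("POST", "accounts"): {"user", "admin"},
    ("GET", "admin"): {"admin"},
    ("POST", "admin"): {"admin"},
}

@dataclass(frozen=True)
class Session:
    """Identity established by the authentication layer, never by the client."""
    user_id: str
    roles: frozenset

def authorize(session: Optional[Session], method: str, path: str) -> int:
    """Return the HTTP status for a request: 200, 401 or 403."""
    segments = path.split("/")[1:]
    # Refuse relative or dot-segment paths instead of trying to normalise them.
    if not path.startswith("/") or ".." in segments or "." in segments:
        return 403
    allowed = ACL.get((method, segments[0]))
    if allowed is None:
        return 403                      # default deny: nothing is implicitly public
    if PUBLIC in allowed:
        return 200
    if session is None:
        return 401                      # authentication comes before authorization
    if not (session.roles & allowed):
        return 403                      # authenticated, but role lacks the permission
    # Object-level check: a non-admin may only touch /accounts/<own user_id>/...
    if segments[0] == "accounts" and "admin" not in session.roles:
        if len(segments) < 2 or segments[1] != session.user_id:
            return 403
    return 200
```

The role check alone is not sufficient for per-user data, which is why the ownership comparison runs after it.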
Custom Code Solution
Discussion / Controversy
<discussion / controversy tracking here>