F039. Improper authorization control for web services

Description

The system’s web services do not have an authorization control mechanism or the one in place can be bypassed.

Rules

  1. R096. Set user required privileges

  2. R176. Restrict system objects

  3. R265. Restrict access to critical processes

  4. R320. Avoid client-side control enforcement

Fluid Attacks logo Start with Fluid Attacks

Fluid Attacks logo Contact us

OWASP logo

We are a proud corporate member of the OWASP Foundation

Contact Us

Number is valid Number is not valid
Please select an option

Clutch Review

Copyright © 2020 Fluid Attacks, We hack your software. All rights reserved.

Service status - Terms of Use - Privacy Policy - Cookie Policy