Broken Access Control (OWASP A01)
Definition
Broken access control is the top category in the OWASP Top 10, covering failures that let users act outside their intended permissions. Typical weaknesses include insecure direct object references (IDOR, reading or modifying other users' resources by manipulating identifiers), missing function-level access checks, privilege escalation, and CORS misconfigurations.
Consistent server-side access control enforcement on every request is the primary defense.
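As an added example (not code from this page or from Crash Override), the Python below places an IDOR-style handler beside a hardened one that re-derives authorization on every request from the server-side session identity and the record's owner, and adds a role check in front of a privileged function. The `User`, `Document`, `DOCUMENTS`, `require_role` names and the "user"/"admin" roles are assumptions constructed for the example.

```python
"""Added example: insecure direct object reference (IDOR) beside a hardened
handler, plus a function-level role check. All users, documents and roles
are constructed sample data, not real application records."""
from dataclasses import dataclass
from functools import wraps


class Forbidden(Exception):
    """Raised when the caller is not allowed to perform the requested action."""


@dataclass(frozen=True)
class User:
    user_id: int
    role: str  # constructed roles: "user" or "admin"


@dataclass
class Document:
    doc_id: int
    owner_id: int
    body: str


# Constructed sample data standing in for a database table.
DOCUMENTS = {
    1: Document(1, owner_id=100, body="alice's notes"),
    2: Document(2, owner_id=200, body="bob's notes"),
}


def get_document_insecure(caller: User, doc_id: int) -> Document:
    """IDOR: trusts the client-supplied doc_id and never checks ownership,
    so any authenticated user can read any document by changing the id."""
    return DOCUMENTS[doc_id]


def get_document(caller: User, doc_id: int) -> Document:
    """Hardened: authorization is decided on the server, on every request,
    from the session identity and the record's owner, never from the client."""
    doc = DOCUMENTS.get(doc_id)
    # Same error for missing and foreign documents, so the response does not
    # reveal which ids exist.
    if doc is None or (doc.owner_id != caller.user_id and caller.role != "admin"):
        raise Forbidden(f"user {caller.user_id} may not read document {doc_id}")
    return doc


def can_read(caller: User, doc_id: int) -> bool:
    """Boolean view of get_document, convenient for checks and tests."""
    try:
        get_document(caller, doc_id)
        return True
    except Forbidden:
        return False


def require_role(role: str):
    """Function-level access check applied to every privileged handler
    (assumed decorator for the example, not a framework API)."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(caller: User, *args, **kwargs):
            if caller.role != role:
                raise Forbidden(f"{fn.__name__} requires role {role!r}")
            return fn(caller, *args, **kwargs)
        return wrapper
    return decorator


@require_role("admin")
def delete_document(caller: User, doc_id: int) -> bool:
    """Admin-only action; the role check runs before the body on every call."""
    return DOCUMENTS.pop(doc_id, None) is not None


if __name__ == "__main__":
    alice = User(100, "user")
    print(get_document_insecure(alice, 2).body)  # IDOR: alice reads bob's notes
    print("alice may read doc 2:", can_read(alice, 2))  # hardened: False
```

The hardened handler looks up the record first and applies the ownership check to the stored owner, not to anything in the request, and it returns one error for both "not found" and "not yours" so the authorization failure does not double as an id oracle. The decorator makes the function-level check part of the handler's definition, so a new privileged endpoint cannot be wired in without it.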