{% extends 'core/Broken Access Control/broken-access.html' %} {% load static %}
It is a way to access restricted areas with no or insufficient permissions. Such as letting unauthorized
users access URLs they are not meant to or accessing URLs that hold data with no authorization. Leaving this
vulnerability unchecked means free access to reading, editing, and deleting our web application data. At
times attackers can pretend to be various roles and access different places.
Some common issues include:
A typical case of broken access is allowing users to view or edit data without authenticating first,
allowing attackers easy access. Another vulnerability is users being able to use the functionality they
shouldn't have access to, like admin functions.
This type of vulnerability is hazardous and essential to prevent. Not doing so might lead to data theft,
modification or deletion of data, or possession of the whole website.
The most common way to stop Broken Access Control attacks is by Access Validation .
Users will need to be authenticated first, so attempts made by unauthorized ones will be shut down.