all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

What You Need to Know About Broken Object Level Authorization (BOLA)

Add to bookmarks
March 28, 2023, 7:13 a.m. | Skip Hovsmith

Security Boulevard securityboulevard.com




Photo by Claudel Rheault on Unsplash


Broken Object Level Authorization (BOLA) is the #1 vulnerability in the OWASP API Security Project’s API Security Top Ten in 2019. Using BOLA, an attacker exploits a vulnerable API endpoint by manipulating an arbitrary object identifier to exfiltrate or manipulate data they are not authorized to access. Authorization schemes can be complex, and it is easy for an API developer to miss an authorization check when the application state is passed between client …

access api api abuse api security api security - analysis application authorization bola broken object level authorization check client data developer endpoint exploits mobile security news and insights object owasp owasp api photo project security service state vulnerability vulnerable vulnerable api

Visit resource

More from securityboulevard.com / Security Boulevard

USENIX Security ’23 – Inductive Graph Unlearning 5 hours ago | securityboulevard.com
access authors channel conference +13
From DAST to dawn: why fuzzing is better solution | Code Intelligence 5 hours ago | securityboulevard.com
api security application applications application security +27
Scaling Application Security With Application Security Posture Management (ASPM) 8 hours ago | securityboulevard.com
application application security application security posture management aspm +13
Crunching Some Numbers on PHP Support 12 hours ago | securityboulevard.com
application breaking can continue +16
Google Chrome DBSC Protection Tested Against Cookie Attacks 13 hours ago | securityboulevard.com
attacks authentication browser browser security +31
What is SOC 2 Compliance Audit? 14 hours ago | securityboulevard.com
audit audits businesses client +27
The Dark Side of EDR: Repurpose EDR as an Offensive Tool 15 hours ago | securityboulevard.com
capabilities code dark edr +13
NTA Email Alert Configuration 18 hours ago | securityboulevard.com
addresses alert basic configuration +8
The Ultimate Guide to SBIR and STTR Program Budgeting 19 hours ago | securityboulevard.com
budgeting budgets can corporations +14

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Cybersecurity Triage Analyst

@ Peraton | Linthicum, MD, United States
View on infosec-jobs.com

Associate DevSecOps Engineer

@ LinQuest | Los Angeles, California, United States
View on infosec-jobs.com

DORA Compliance Program Manager

@ Resillion | Brussels, Belgium
View on infosec-jobs.com

Head of Workplace Risk and Compliance

@ Wise | London, United Kingdom
View on infosec-jobs.com
View more jobs