What You Need to Know About Broken Object Level Authorization (BOLA)
Security Boulevard securityboulevard.com
Broken Object Level Authorization (BOLA) is the #1 vulnerability in the OWASP API Security Project’s API Security Top Ten in 2019. In a BOLA attack, an attacker exploits a vulnerable API endpoint by manipulating an arbitrary object identifier to exfiltrate or manipulate data they are not authorized to access. Authorization schemes can be complex, and it is easy for an API developer to miss an authorization check when the application state is passed between client …
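The missing check described above, shown as an added example that is not code from the original article: an endpoint that authenticates the caller but never checks who owns the object, the same endpoint with an object-level check, and a regression test that finds cross-user reads. The invoice store, user names and function names are constructed for illustration.

```python
# Constructed sample data: invoice id -> record with its owning user.
INVOICES = {
    1001: {"owner": "alice", "amount": 120},
    1002: {"owner": "bob", "amount": 75},
    1003: {"owner": "alice", "amount": 310},
}
USERS = ("alice", "bob")


def get_invoice_unchecked(session_user, invoice_id):
    """Authenticates the caller but never compares the object to the caller."""
    if session_user not in USERS:
        return 401, None
    record = INVOICES.get(invoice_id)
    if record is None:
        return 404, None
    return 200, record  # any logged-in user can read any invoice id


def get_invoice_checked(session_user, invoice_id):
    """Same endpoint with an object-level check on every lookup."""
    if session_user not in USERS:
        return 401, None
    record = INVOICES.get(invoice_id)
    # Missing and foreign objects get the same answer, so the response
    # does not reveal which ids exist.
    if record is None or record["owner"] != session_user:
        return 404, None
    return 200, record


def cross_user_reads(handler):
    """Regression check: every (user, object) pair where a non-owner gets 200."""
    leaks = []
    for user in USERS:
        for invoice_id, record in INVOICES.items():
            status, _ = handler(user, invoice_id)
            if status == 200 and record["owner"] != user:
                leaks.append((user, invoice_id))
    return leaks


if __name__ == "__main__":
    print("unchecked:", cross_user_reads(get_invoice_unchecked))
    print("checked:  ", cross_user_reads(get_invoice_checked))
```

Running the same ownership matrix against every object-returning endpoint in a test suite catches a handler that was added without the check.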