🗃️Access Control
https://portswigger.net/web-security/access-control
Access control (or authorization) is the application of constraints on who (or what) can perform attempted actions or access resources that they have requested.
Broken access controls are a commonly encountered and often critical security vulnerability.
From a user perspective, access controls can be divided into the following 3 categories:
Vertical access controls - Vertical access controls are mechanisms that restrict access to sensitive functionality that is not available to other types of users.
Horizontal access controls - Horizontal access controls are mechanisms that restrict access to resources to the users who are specifically allowed to access those resources.
Context-dependent access controls - Context-dependent access controls restrict access to functionality and resources based upon the state of the application or the user's interaction with it.
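The three categories above, sketched as one server-side authorization check. This is an added example, not code from the original page; the roles, actions, order states and the authorize function are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class User:
    id: int
    role: str            # constructed roles: "customer" or "admin"

@dataclass(frozen=True)
class Order:
    id: int
    owner_id: int
    state: str           # constructed states: "cart" or "paid"

# Vertical: which roles may invoke each action. Unknown actions map to nobody.
ROLE_ACTIONS = {
    "view_order": {"customer", "admin"},
    "edit_order": {"customer", "admin"},
    "delete_user": {"admin"},
}
ORDER_ACTIONS = {"view_order", "edit_order"}

def authorize(user: User, action: str, order: Optional[Order] = None) -> Tuple[bool, str]:
    """Deny by default; return (allowed, name of the control that decided)."""
    # Vertical control: is this type of user allowed to use this functionality?
    if user.role not in ROLE_ACTIONS.get(action, set()):
        return False, "vertical"
    if action in ORDER_ACTIONS:
        if order is None:
            return False, "missing-resource"
        # Horizontal control: same functionality, but only on the user's own resource.
        if user.role != "admin" and order.owner_id != user.id:
            return False, "horizontal"
        # Context-dependent control: the order's state decides whether edits are allowed.
        if action == "edit_order" and order.state != "cart":
            return False, "context-dependent"
    return True, "allowed"

if __name__ == "__main__":
    alice, bob, admin = User(1, "customer"), User(2, "customer"), User(3, "admin")
    cart, paid = Order(10, 1, "cart"), Order(11, 1, "paid")
    for who, act, res in [(alice, "delete_user", None), (bob, "view_order", cart),
                          (alice, "edit_order", paid), (alice, "edit_order", cart)]:
        print(who.role, who.id, act, authorize(who, act, res))
```

The order of the checks matters for logging: recording which control denied a request makes repeated horizontal denials against sequential resource IDs easy to spot.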