Cyber Security - Self Study guides , notes

Broken Access Control

What is broken access control ?

Broken Access Control refers to thoes vulnerabilities that allow users to perform actions or access information they are not authorized to. This can lead to unauthorized information disclosure, modification, or destruction, and unintended tasks.

Some types of broken access control :

Violation of the Principle of Least Privilege
Bypassing Access Control Checks
Insecure Direct Object References
Missing Access Controls on APIs
Elevation of Privilege
Metadata Manipulation
CORS Misconfiguration
Force Browsing

Some possible broken access control attacks :

Bypassing Authentication by Manipulating URL or HTTP Parameters
Inadequate Session Management
Forced Browsing to Access Restricted Resources
Lack of Access Control Checks on APIs

CAPA: The Basics01/02/25 ctf → thm → capa-the-basics

SQLMap: The Basics31/01/25 ctf → thm → sqlmap-the-basics

SQL Fundamentals31/01/25 ctf → thm → sql-fundamentals

Powershell30/01/25 programming → powershell