New approaches to detect Broken Level Authorization attacks


Ailton da SIlva dos Santos Filhos

Oct 18, 2020, 1:31:30 PM
to API Security Project
Hi everyone,

Recently, new approaches to detect BOLA attacks are emerging, such as the ones described in https://42crunch.com/owasp-api-security-top-10/ and https://www.cloudvector.com/owasp-api-security-top-10-broken-object-level-authorization/.
Basically, they are based on determining whether the ID being passed in a request originally came from previous requests.

I'm interested in verifying the efficacy of these approaches and their applicability. Has anyone tested such approaches, or does anyone have experience with them or any opinions?

Best regards,
Ailton
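
The check described in the post above, sketched as an added example (not part of the original post and not the linked vendors' implementation): per session, remember every object ID the API has returned, and flag any request that carries an ID never served to that session. The log layout, session names, numeric-ID pattern and function name are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Assumption: object IDs are numeric with 3+ digits; real APIs may use UUIDs etc.
ID_RE = re.compile(r"\b\d{3,}\b")

# Constructed sample exchanges: (session, request line, status, response body)
SAMPLE = [
    ("alice", "GET /api/orders", 200, '{"orders":[{"id":1001},{"id":1002}]}'),
    ("alice", "GET /api/orders/1001", 200, '{"id":1001,"total":20}'),
    ("bob", "GET /api/orders", 200, '{"orders":[{"id":2001}]}'),
    ("bob", "GET /api/orders/1002", 200, '{"id":1002,"total":35}'),
    ("bob", "GET /api/orders/2001", 200, '{"id":2001,"total":12}'),
]


def find_unseen_id_requests(exchanges):
    """Return (session, object_id, request) for IDs the session was never served."""
    seen = defaultdict(set)  # session -> IDs previously returned to that session
    alerts = []
    for session, request, status, body in exchanges:
        unseen = set(ID_RE.findall(request)) - seen[session]
        for obj_id in sorted(unseen):
            alerts.append((session, obj_id, request))
        # Learn IDs only from successful responses to requests that were not
        # flagged; otherwise a flagged request that the API answered would
        # whitelist the very ID it probed.
        if not unseen and 200 <= status < 300:
            seen[session] |= set(ID_RE.findall(body))
    return alerts


if __name__ == "__main__":
    for session, obj_id, request in find_unseen_id_requests(SAMPLE):
        print(f"possible BOLA: session={session} id={obj_id} request={request!r}")
```

An ID a user obtained legitimately outside the observed traffic, such as a bookmarked or shared link, is flagged the same way, so alerts from this check are candidates for review rather than confirmed attacks.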
