New approaches to detect Broken Level Authorization attacks

[Ailton da SIlva dos Santos Filhos]

Hi everyone,

Recently, new approaches to detect BOLA attacks are emerging, such as the ones described in https://42crunch.com/owasp-api-security-top-10/ and https://www.cloudvector.com/owasp-api-security-top-10-broken-object-level-authorization/. 

Basically, they are based on to determine if the ID being passed in a request is originally from previous requests.

I'm interested in verifying the efficacy of these approaches and their applicability. Has anyone tested, experience with such approaches, or any opinions?

Best regards,

Ailton