From the course: Static Application Security Testing

A1: Broken access controls

- [Instructor] The most significant risks in the OWASP top 10 list are broken access control flaws. You learned about broken authentication earlier, on keeping unauthorized users out of the application, but you also need to make sure the application enforces the right security on users after they successfully log in. An authenticated user should only have access to their individual account. If access controls aren't properly enforced, though, an attacker could potentially have access to functions and data that belong to another user. While automated tools might be able to detect whether access controls are missing, you really need to rely on manual testing to make sure that the access controls are properly aligned with your business rules. That lack of automated detection is one of the reasons it's so easy for broken access controls to slip into an application. Automated scanners have no way of knowing whether Dan in accounting…
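The flaw the instructor describes, shown as an added example that is not part of the course: an account lookup that trusts the requested id beside the fixed version that enforces ownership against the session, plus the kind of access-matrix check a manual tester runs to confirm the business rule ("a user may read only their own account"). The account data, user names and function names are constructed for the example.

```python
"""Added example (not course material): broken access control on an
account lookup, the fixed handler, and a manual-test style access matrix.
All accounts and users below are constructed sample data."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    account_id: int
    owner: str
    balance: float


# Constructed sample data: two authenticated users, one account each.
ACCOUNTS = {
    1001: Account(1001, "alice", 250.0),
    1002: Account(1002, "bob", 9000.0),
}


class AccessDenied(Exception):
    """Raised when the session user is not allowed to read the record."""


def get_account_vulnerable(session_user: str, account_id: int) -> Account:
    """Authentication only: any logged-in user can read any account simply
    by changing the id in the request. Nothing ties the record to the
    session, which is the broken access control flaw."""
    return ACCOUNTS[account_id]


def get_account_fixed(session_user: str, account_id: int) -> Account:
    """Authorization enforced server-side: the record must belong to the
    user identified by the session, never by anything the client sends."""
    account = ACCOUNTS.get(account_id)
    if account is None or account.owner != session_user:
        # One response for "missing" and "not yours", so the error text
        # does not reveal which ids exist.
        raise AccessDenied("account not found")
    return account


def access_matrix(handler) -> dict:
    """Manual check of the business rule: try every (user, account) pair and
    record whether the read succeeded. Only a user's own account should be
    allowed, so a correct handler yields True on the diagonal only."""
    results = {}
    for user in ("alice", "bob"):
        for account_id in ACCOUNTS:
            try:
                handler(user, account_id)
                results[(user, account_id)] = True
            except AccessDenied:
                results[(user, account_id)] = False
    return results
```

A scanner can flag that `get_account_vulnerable` performs no check at all, but only a tester who knows the business rule can confirm that the matrix from `get_account_fixed` is the one the application is supposed to produce.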