Broken Access Control (BAC)

Broken Access Control is when an application does not thoroughly restrict user permissions for appropriate access to administrative functionality. The consequences associated to broken access control may include viewing of unauthorized content, modification or deletion of content, or full application takeover. A few examples of common access control vulnerabilities are role based access, poor password management, insecure Id’s, forced browsing past access control checks, path traversal, file permissions, and client side caching.

Related Resources:

[Bugcrowd University] Broken Access Control Testing
[Guide] The Ultimate Guide to Managed Bug Bounty

Get started with Bugcrowd

Hackers aren’t waiting, so why should you? See how Bugcrowd can quickly improve your security posture.

Try Bugcrowd Contact Us