Broken Access Control
The #1 risk in the OWASP Top 10 (2021). Missing or improperly implemented authorization checks allow users to access resources or perform actions beyond their intended permissions. The category includes IDOR (Insecure Direct Object Reference) and privilege escalation.
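
An added example, not from the original page: the two failure modes named above, each next to a version with the authorization check in place. The invoice store, the roles and every function name are assumptions made for illustration.

```python
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the caller is not authorized for the object or action."""


@dataclass(frozen=True)
class User:
    id: int
    role: str  # "user" or "admin" (roles assumed for this example)


# Constructed sample data: invoice id -> record carrying its owner.
INVOICES = {
    101: {"owner_id": 1, "total": 40},
    102: {"owner_id": 2, "total": 75},
}


def get_invoice_unchecked(caller: User, invoice_id: int) -> dict:
    # IDOR: the id supplied in the request is trusted, and the caller
    # is never compared with the record's owner.
    return INVOICES[invoice_id]


def get_invoice(caller: User, invoice_id: int) -> dict:
    invoice = INVOICES.get(invoice_id)
    # Object-level check. "Missing" and "not yours" produce the same
    # error, so responses do not reveal which ids exist.
    if invoice is None or (
        invoice["owner_id"] != caller.id and caller.role != "admin"
    ):
        raise Forbidden("invoice not accessible")
    return invoice


def void_invoice_unchecked(caller: User, invoice_id: int) -> None:
    # Privilege escalation: an admin-only action with no role check.
    INVOICES[invoice_id]["total"] = 0


def void_invoice(caller: User, invoice_id: int) -> None:
    # Function-level check: deny by default, allow only the admin role.
    if caller.role != "admin":
        raise Forbidden("admin role required")
    if invoice_id not in INVOICES:
        raise Forbidden("invoice not accessible")
    INVOICES[invoice_id]["total"] = 0
```

Both checks run on the server against the authenticated caller, never against an identifier or role value sent by the client.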