Broken Authorization
BOLA and access flaws.
Authentication vs Authorization
Authentication proves who you are. Authorization decides what you are allowed to do.
Broken authorization means the system lets users do or see things they should not.
What Is BOLA
BOLA stands for Broken Object Level Authorization.
It is the top API risk: an API checks that you are logged in, but not that the specific object you ask for actually belongs to you.
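As an added example (not code from the lesson), the same order-lookup endpoint written twice: the first version only authenticates the caller, so any logged-in user can read any order by changing the id (the BOLA flaw); the second adds the object-level ownership check. The store, tokens and order ids are constructed sample data.

```python
# Constructed in-memory data: two users, each owning one order.
from dataclasses import dataclass


@dataclass
class Order:
    order_id: int
    owner: str
    total: float


ORDERS = {
    1001: Order(1001, "alice", 42.00),
    1002: Order(1002, "bob", 99.50),
}

SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}  # bearer token -> user


def authenticate(token):
    """Authentication only: who is the caller? Returns a username or None."""
    return SESSIONS.get(token)


def get_order_vulnerable(token, order_id):
    """Checks that the caller is logged in, then returns whatever order id
    was requested. Nothing ties the object to the caller: this is BOLA."""
    user = authenticate(token)
    if user is None:
        return 401, None
    order = ORDERS.get(order_id)
    if order is None:
        return 404, None
    return 200, order


def get_order_fixed(token, order_id):
    """Authentication plus object-level authorization: the order must be
    owned by the caller. A foreign id gets the same 404 as a missing one,
    so the endpoint does not confirm that other users' ids exist."""
    user = authenticate(token)
    if user is None:
        return 401, None
    order = ORDERS.get(order_id)
    if order is None or order.owner != user:
        return 404, None
    return 200, order
```

The ownership check belongs in the data-access layer (or a shared helper) rather than in each handler, so a new endpoint cannot forget it.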