Broken Access Control

Learn about broken access control, direct object access, deter URL probing, authorizing access to objects, directory traversal attacks, and securing files from attacks.

Direct object access

Broken access control refers to application problems that allow attackers to access data they shouldn’t. This can include other users’ data or system-level data like password files.

One of the common forms of broken access control is direct object access. This happens when a URL includes something like a database ID as a query parameter. An attacker sees the ID in the query parameter and starts probing for other numbers.

Get hands-on with 1400+ tech skills courses.