Beware of BOLA (IDOR) Vulnerabilities in Web Apps and APIs

The recent CISA advisory concerning BOLA (IDOR) vulnerabilities is a wake-up call to bolster our web application security. The post Beware of BOLA (IDOR) Vulnerabilities in Web Apps and APIs appeared first ...
What You Need to Know About Broken Object Level Authorization (BOLA)

Photo by Claudel Rheault on Unsplash Broken Object Level Authorization (BOLA) is the #1 vulnerability in the OWASP API Security Project’s API Security Top Ten in 2019. Using BOLA, an attacker exploits ...
OWASP API1:2019 – Broken Object Level Authorization

Are you leaving your APIs vulnerable to attacks? OWASP revealed that Broken Object Level Authorization is among the top 10 most critical API security risks. The post OWASP API1: 2019 – ...
Automate your API hacking with Autorize

Learn how to find authorization vulnerabilities in APIs using Burp and Autorize. The post Automate your API hacking with Autorize appeared first on Dana Epp's Blog ...
How BOLA Leads to Enumeration and ATO Attacks

Imagine it’s a Friday night and you are out with your friends to the club. At the door, the bouncer asks you for your ID and lets all of you in. You ...
How the HR System Enabled my Promotion to CEO

Just kidding. I am happy to remain an individual contributor. However, if the HR system API had been implemented without the appropriate levels of authorization control, commonly referred to as broken object-level ...
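As an added illustration of the pattern the posts above describe (a handler that looks up an object by the id the client supplies, without checking that the caller may see that object), here is a small Python example. It is not code from any of the linked posts; the HR-records data, the user roles and the id range the attacker walks are constructed for the demo. The vulnerable handler and the hardened one sit side by side, and an enumeration loop shows how much each one gives away to an ordinary employee account.

```python
"""Added example: BOLA/IDOR in a minimal HR-records API.

Not code from any of the posts listed above. Users, records, roles and the
id range are constructed sample data for the demo.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    """An authenticated caller. Role is either "employee" or "hr_admin"."""
    user_id: int
    role: str


# Constructed sample data: salary records keyed by a sequential integer id,
# which is exactly the kind of predictable identifier an attacker iterates.
RECORDS = {
    101: {"owner_id": 1, "name": "alice", "salary": 90000},
    102: {"owner_id": 2, "name": "bob", "salary": 85000},
    103: {"owner_id": 3, "name": "carol", "salary": 120000},
}


class NotFound(Exception):
    pass


class Forbidden(Exception):
    pass


def get_record_vulnerable(requester: User, record_id: int) -> dict:
    """BOLA: authentication happened upstream, but nothing ties the requested
    id to the requester, so any logged-in user can read any record."""
    if record_id not in RECORDS:
        raise NotFound(record_id)
    return RECORDS[record_id]


def get_record_hardened(requester: User, record_id: int) -> dict:
    """Object-level authorization: the record must belong to the caller, or the
    caller must hold a role explicitly allowed to read everyone's records."""
    record = RECORDS.get(record_id)
    if record is None:
        raise NotFound(record_id)
    if record["owner_id"] != requester.user_id and requester.role != "hr_admin":
        raise Forbidden(record_id)
    return record


def http_status(handler, requester: User, record_id: int) -> int:
    """Map handler outcomes to HTTP status codes the way the API layer would.
    Forbidden is reported as 404, not 403: a 403 on a non-owned id would still
    confirm that the id exists and hand an enumerating attacker a valid list."""
    try:
        handler(requester, record_id)
        return 200
    except (NotFound, Forbidden):
        return 404


def enumerate_records(handler, requester: User, id_range=range(100, 110)) -> dict:
    """Simulate the attacker walk: try every candidate id, keep what comes back."""
    found = {}
    for rid in id_range:
        try:
            found[rid] = handler(requester, rid)
        except (NotFound, Forbidden):
            continue
    return found


if __name__ == "__main__":
    alice = User(user_id=1, role="employee")
    print("vulnerable:", sorted(enumerate_records(get_record_vulnerable, alice)))
    print("hardened:  ", sorted(enumerate_records(get_record_hardened, alice)))
```

Run as a script, the vulnerable handler returns all three records to Alice while the hardened one returns only her own. In a real service the ownership predicate belongs in the query itself (`WHERE id = ? AND owner_id = ?`) or in one central policy check that every handler goes through, so that no individual endpoint can forget it; the Autorize workflow mentioned above is the black-box way to find the endpoints that did forget, by replaying one user's requests with a second user's session and flagging the ones that still succeed.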