OWASP Periodic Table of Vulnerabilities - Insufficient Authentication/Authorization
Insufficient Authentication/Authorization
Root Cause Summary
Incorrect verification of identity and permissions can result in an attacker accessing sensitive data or functionality without being properly authenticated and/or authorized to do so.
Browser / Standards Solution
None
Perimeter Solution
Whenever possible, apply server-side Access Control Lists to those sections of sensitive data that shouldn't be publicly accessible.
Generic Framework Solution
Use an authentication framework.
Custom Framework Solution
Apply least-privilege principle to all transactions, requiring authentication and authorization where applicable.
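The following is an added example (not OWASP's code, and not part of the original wiki page) that puts the Perimeter and Custom Framework solutions above side by side: a handler that trusts a client-supplied identity and never consults an ACL, next to a handler that authenticates the session server-side and then applies a default-deny, per-transaction authorization check. All users, documents, tokens, the ACL and the signing secret are constructed sample data.

```python
"""Added example: server-side authentication plus a default-deny ACL check
per transaction. Constructed for illustration; not OWASP's own code."""
import hmac
import hashlib

# --- constructed sample data ------------------------------------------------
SERVER_SECRET = b"constructed-demo-secret"   # in practice: loaded from a secret store

# user -> roles held
USERS = {"alice": {"staff"}, "bob": {"staff"}, "mallory": set()}

DOCUMENTS = {
    "doc-1": {"owner": "alice", "body": "alice's private notes"},
    "doc-2": {"owner": "bob", "body": "bob's private notes"},
    "public-1": {"owner": "alice", "body": "published FAQ"},
}

# Server-side ACL: document id -> principals allowed to read it.
# "*" = anyone (including anonymous), "role:<r>" = any user holding role r.
ACL = {
    "doc-1": {"user:alice"},
    "doc-2": {"user:bob", "role:staff"},
    "public-1": {"*"},
}


class AccessDenied(Exception):
    pass


def issue_token(user):
    """Mint a session token bound to a user (HMAC-signed; constructed scheme)."""
    mac = hmac.new(SERVER_SECRET, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{mac}"


def authenticate(token):
    """Return the user a token belongs to, or None for missing/forged tokens."""
    if not token or "." not in token:
        return None
    user, mac = token.rsplit(".", 1)
    expected = hmac.new(SERVER_SECRET, user.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected) or user not in USERS:
        return None
    return user


def authorize(user, doc_id):
    """Default deny: a principal must match an ACL entry explicitly."""
    allowed = ACL.get(doc_id, set())    # unknown doc -> empty set -> denied
    if "*" in allowed:
        return True
    if user is None:
        return False
    if f"user:{user}" in allowed:
        return True
    return any(f"role:{role}" in allowed for role in USERS[user])


def get_document_insecure(claimed_user, doc_id):
    """Vulnerable handler: identity is a client-controlled value (think a header
    or hidden form field) and no ACL is consulted, so knowing a doc_id and any
    valid username is enough to read the record."""
    if claimed_user not in USERS:
        raise AccessDenied("unknown user")
    return DOCUMENTS[doc_id]["body"]


def get_document(token, doc_id):
    """Hardened handler: authenticate the session server-side, then authorize
    this specific transaction before touching the data."""
    user = authenticate(token)           # None for anonymous or forged tokens
    if not authorize(user, doc_id):      # deny before revealing existence
        raise AccessDenied(doc_id)
    return DOCUMENTS[doc_id]["body"]


def request_allowed(token, doc_id):
    """True if the hardened handler would serve the request, else False."""
    try:
        get_document(token, doc_id)
        return True
    except AccessDenied:
        return False


if __name__ == "__main__":
    # mallory merely claims to be alice and the insecure handler complies
    print("insecure:", get_document_insecure("alice", "doc-1"))
    print("hardened, mallory on doc-1:", request_allowed(issue_token("mallory"), "doc-1"))
    print("hardened, alice on doc-2 (via role:staff):", request_allowed(issue_token("alice"), "doc-2"))
```

The two defensive properties worth copying are that identity comes only from something the server can verify (here an HMAC it minted, never a field the client filled in) and that the ACL lookup is default-deny and runs on every transaction, so an unknown record and a forbidden record are indistinguishable to the caller.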
Custom Code Solution
None
Discussion / Controversy
<discussion / controversy tracking here>