This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP Periodic Table of Vulnerabilities - Insufficient Authentication/Authorization

From OWASP
Revision as of 09:18, 16 May 2013 by Peter Mosmans (talk | contribs) (initial page setup)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Return to Periodic Table Working View

Insufficient Authentication/Authorization

Root Cause Summary

Incorrect verification of identity and permissions can results to an attacker accessing sensitive data or functionality without properly being authenticated and/or authorized to do so.

Browser / Standards Solution

None

Perimeter Solution

Whenever possible, apply server-side Access Control Lists for those sections of sensitive data that should't be publicly accessible.

Generic Framework Solution

Use an authentication framework.

Custom Framework Solution

Apply least-privilege principle to all transactions, requiring authentication and authorization where applicable.

Custom Code Solution

None

Discussion / Controversy

<discussion / controversy tracking here>

References

Insufficient Authentication (WASC)

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Periodic_Table_of_Vulnerabilities_-_Insufficient_Authentication/Authorization&oldid=151729"