Video Description

This lesson opens with the definition of A7: Missing Function Level Access Control. Many web applications check access rights before rendering protected links and buttons, so that users see only the functions they are entitled to; access control is, in short, about WHO can access WHAT. However, the functions behind those hidden links still have to be reachable by URL, so attackers can forge URLs and reach the hidden pages directly if the server does not perform the access check itself. Developers often forget to include the proper code checks, increasing vulnerability to attack. This lesson also discusses forced browsing, which can result from flaws in authorization checks. Participants also learn about the CERT Secure Coding Standard. Finally, a case study focusing on GitHub Security is presented.
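The following is an added illustration of the A7 pattern and is not code from the course or from the lesson itself. It models a toy web application in plain Python with a constructed route table (`REQUIRED_ROLES`), constructed users and a tiny request dispatcher; all names and paths are made up for the example. The vulnerable dispatcher hides admin links in the menu but runs any known URL without checking the caller's role, so a forged admin URL succeeds for an ordinary user. The secure dispatcher checks the role on the server for every request, denies unknown paths by default and records refusals for review.

```python
from dataclasses import dataclass, field

# --- constructed sample data (not from the course material) -----------------

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset          # e.g. frozenset({"user"}) or frozenset({"admin"})

@dataclass(frozen=True)
class Request:
    path: str
    user: User
    params: dict = field(default_factory=dict)

# Which roles may invoke each function. An empty set means the page is public.
REQUIRED_ROLES = {
    "/": frozenset(),
    "/account": frozenset({"user", "admin"}),
    "/admin/users": frozenset({"admin"}),
    "/admin/deleteUser": frozenset({"admin"}),
}

# Server-side state that the admin functions act on (constructed).
ACCOUNTS = {"alice", "bob"}

# Denied requests are recorded here so they can be reviewed or alerted on.
AUDIT_LOG = []


def _run_function(req: Request) -> str:
    """The business functions behind each URL (kept deliberately small)."""
    if req.path == "/":
        return "home"
    if req.path == "/account":
        return f"account page for {req.user.name}"
    if req.path == "/admin/users":
        return ",".join(sorted(ACCOUNTS))
    if req.path == "/admin/deleteUser":
        target = req.params.get("name", "")
        ACCOUNTS.discard(target)
        return f"deleted {target}"
    raise KeyError(req.path)


def render_menu(user: User) -> list:
    """Presentation-layer filtering: show only the links this user may use.
    Hiding a link is not access control; the URL still exists on the server."""
    return [path for path, roles in REQUIRED_ROLES.items()
            if not roles or roles & user.roles]


def is_authorized(user: User, path: str) -> bool:
    """Deny by default: unknown paths and missing roles are both refused."""
    required = REQUIRED_ROLES.get(path)
    if required is None:
        return False
    return not required or bool(required & user.roles)


def handle_request_vulnerable(req: Request) -> tuple:
    """A7 anti-pattern: the server assumes the UI hid forbidden links and
    dispatches any known URL without checking the caller's role."""
    if req.path not in REQUIRED_ROLES:
        return 404, "not found"
    return 200, _run_function(req)


def handle_request_secure(req: Request) -> tuple:
    """Fix: check the caller's role on the server for every request, before
    the function runs, and record refusals for detection."""
    if req.path not in REQUIRED_ROLES:
        return 404, "not found"
    if not is_authorized(req.user, req.path):
        AUDIT_LOG.append(f"DENY user={req.user.name} path={req.path}")
        return 403, "forbidden"
    return 200, _run_function(req)


if __name__ == "__main__":
    alice = User("alice", frozenset({"user"}))
    forged = Request("/admin/deleteUser", alice, {"name": "bob"})
    print("menu shown to alice:", render_menu(alice))
    print("vulnerable server:", handle_request_vulnerable(forged))
    print("secure server:    ", handle_request_secure(forged))
    print("audit log:", AUDIT_LOG)
```

The menu filter and the server-side check consult the same `REQUIRED_ROLES` table, which is the point: the UI may use the table to tidy up what it shows, but only the check inside the request handler actually enforces it. Each `DENY` entry in the audit log is a forced-browsing attempt worth reviewing.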

Course Modules

Secure Coding