Broken Access Control
Broken Authentication and Session Management | Insecure Direct Object References | Missing Function Level Access Control
Broken Authentication
Session Management Cheat Sheet | CWE-287: Improper Authentication | Identity Management Testing
IDOR
Open Redirects | Directory Traversal
References
Authorization Testing | Enforce Access Controls | Access Control Cheat Sheet
Directory Traversal
CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | Testing Directory Traversal File Include
Missing Function Level AC
Click-fraud monetization