OWASP Top 10 Vulnerabilities: #7 Missing Function Level Access Control

This video by IBM's ethical hacking team outlines how applications need to verify every request they receive, both against the permissions of the user issuing the command (the UI level) and at the backend function level (should the application be requesting this data at all to begin with). The 5-minute video covers the considerations for protecting against missing function level access control and the mitigating controls that ensure all such requests are properly validated.
