[Owasp-topten] Proposal to merge similar vulnerabilities under Authorisation

Donato Capitella d.capitella at gmail.com
Thu Jan 12 19:20:43 UTC 2017

Hi all,

This is my first post to this list, I apologise if this has already been
discussed. For the OWASP 2017, have you considered merging the following
three vulnerabilities under 'Missing Authorisation Controls'?

- Mass-Assignment
- Insecure Direct Object Reference
- Missing Function Level Access Control

I think these are all the same issue, that is, authorisation has not been
performed properly server side.

What do you think?


It is not in the stars to hold our destiny, but in ourselves.
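
Added illustration, not part of the original post or of any OWASP material: the three issue classes named in the message, each written as one check inside a single server-side authorisation function. The invoice data, roles, policy table and function names are hypothetical and constructed for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    id: int
    role: str

# Constructed sample data: invoice id -> record (all names here are hypothetical)
INVOICES = {
    1: {"owner_id": 10, "amount": 100, "note": "", "paid": False},
    2: {"owner_id": 20, "amount": 250, "note": "", "paid": False},
}

# One policy table: role -> permitted action -> fields that role may write
POLICY = {
    "customer": {"invoice.update": {"note"}},
    "admin": {"invoice.update": {"note", "amount", "paid"}, "invoice.delete": set()},
}

def authorize(user, action, record, fields=()):
    """Single server-side decision point; returns 'ok' or the failed check."""
    allowed = POLICY.get(user.role, {})
    # Function level: may this role invoke the action at all?
    if action not in allowed:
        return "function"
    # Object level (direct object reference): is the record the caller's own?
    if user.role != "admin" and record["owner_id"] != user.id:
        return "object"
    # Field level (mass assignment): is every submitted field writable?
    if set(fields) - allowed[action]:
        return "field"
    return "ok"

def update_invoice(user, invoice_id, payload):
    record = INVOICES[invoice_id]
    decision = authorize(user, "invoice.update", record, payload)
    if decision == "ok":
        record.update(payload)  # only reached after all three checks pass
    return decision

def delete_invoice(user, invoice_id):
    decision = authorize(user, "invoice.delete", INVOICES[invoice_id])
    if decision == "ok":
        del INVOICES[invoice_id]
    return decision

if __name__ == "__main__":
    alice = User(10, "customer")
    print(update_invoice(alice, 2, {"note": "x"}), update_invoice(alice, 1, {"paid": True}))
    print(delete_invoice(alice, 1))
```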