[Owasp-topten] Proposal to merge similar vulnerabilities under Authorisation

Donato Capitella d.capitella at gmail.com
Thu Jan 12 19:20:43 UTC 2017


Hi all,

This is my first post to this list, I apologise if this has already been
discussed. For the OWASP 2017, have you considered merging the following
three vulnerabilities under 'Missing Authorisation Controls'?

- Mass-Assignment
- Insecure Direct Object Reference
- Missing Function Level Access Control

I think these are all the same issue, that is, authorisation has not been
performed properly server side.

What do you think?

Cheers,
Donato

-- 
It is not in the stars to hold our destiny, but in ourselves.