[Owasp-topten] Proposal to merge similar vulnerabilities under Authorisation
dave.wichers at owasp.org
Fri Jan 13 05:14:22 UTC 2017
Yes. In fact we plan to do exactly that for the last two items in your list
to make room for 1 new vulnerability category. I hadn't thought about
including Mass Assignment in the access control category as well. We'll
have to think about that.
On Thu, Jan 12, 2017 at 2:20 PM, Donato Capitella <d.capitella at gmail.com> wrote:
> Hi all,
> This is my first post to this list, I apologise if this has already been
> discussed. For the OWASP 2017, have you considered merging the following
> three vulnerabilities under 'Missing Authorisation Controls' ?
> - Mass-Assignment
> - Insecure Direct Object Reference
> - Missing Function Level Access Control
> I think these are all the same issue, that is, authorisation has not been
> performed properly server side.
> What do you think?
> It is not in the stars to hold our destiny, but in ourselves.
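The three items in the quoted post, shown side by side as an added example that is not part of this thread or of any OWASP material: a mass-assignment handler, an IDOR handler and an admin-only function with no check, each beside a hardened version that routes its decision through one server-side authorise() function. Everything here is constructed for illustration: the in-memory Store with its users and invoices, the handler names, and the "profile:update" / "invoice:read" / "user:delete" action labels are assumptions, and a plain dict stands in for the request body so it runs without a web framework.

```python
from dataclasses import dataclass


@dataclass
class User:
    id: int
    name: str
    is_admin: bool = False
    email: str = ""


@dataclass
class Invoice:
    id: int
    owner_id: int
    amount: int


@dataclass
class Store:
    """Constructed in-memory stand-in for the application database."""
    users: dict
    invoices: dict


def make_store():
    return Store(
        users={1: User(1, "alice"), 2: User(2, "bob"), 3: User(3, "root", is_admin=True)},
        invoices={10: Invoice(10, owner_id=1, amount=100), 11: Invoice(11, owner_id=2, amount=250)},
    )


class Forbidden(Exception):
    pass


# --- Vulnerable handlers: the three categories from the post ----------------

def update_profile_vulnerable(db, caller_id, body):
    """Mass assignment: every key in the body is bound to the model, so
    {"is_admin": True} promotes the caller."""
    user = db.users[caller_id]
    for key, value in body.items():
        setattr(user, key, value)
    return user


def get_invoice_vulnerable(db, caller_id, invoice_id):
    """IDOR: the id from the URL is looked up with no ownership check."""
    return db.invoices[invoice_id]


def delete_user_vulnerable(db, caller_id, target_id):
    """Missing function-level access control: admin-only action, no check."""
    del db.users[target_id]


# --- Hardened handlers: one server-side authorisation decision --------------

PROFILE_WRITABLE = {"name", "email"}  # allowlist of client-settable fields


def authorise(caller, action, resource=None):
    """Single policy function; every handler asks here before acting."""
    if action == "profile:update":
        return resource.id == caller.id
    if action == "invoice:read":
        return caller.is_admin or resource.owner_id == caller.id
    if action == "user:delete":
        return caller.is_admin
    return False  # default deny for anything not listed


def require(caller, action, resource=None):
    if not authorise(caller, action, resource):
        raise Forbidden(f"{caller.name} may not {action}")


def update_profile(db, caller_id, body):
    caller = db.users[caller_id]
    require(caller, "profile:update", caller)
    unexpected = set(body) - PROFILE_WRITABLE
    if unexpected:  # reject, rather than silently drop, privileged fields
        raise Forbidden(f"fields not client-writable: {sorted(unexpected)}")
    for key, value in body.items():
        setattr(caller, key, value)
    return caller


def get_invoice(db, caller_id, invoice_id):
    caller = db.users[caller_id]
    invoice = db.invoices[invoice_id]
    require(caller, "invoice:read", invoice)
    return invoice


def delete_user(db, caller_id, target_id):
    caller = db.users[caller_id]
    require(caller, "user:delete", db.users[target_id])
    del db.users[target_id]


def run_demo():
    """Replay the same attacker requests (bob is user 2, a normal user)
    against both handler sets and report what each one allowed."""
    results = {}
    db = make_store()
    results["vuln_bob_became_admin"] = update_profile_vulnerable(db, 2, {"is_admin": True}).is_admin
    results["vuln_alice_read_bobs_invoice"] = get_invoice_vulnerable(db, 1, 11).owner_id == 2
    delete_user_vulnerable(db, 2, 1)
    results["vuln_bob_deleted_alice"] = 1 not in db.users

    db = make_store()
    attempts = {
        "fixed_mass_assignment": lambda: update_profile(db, 2, {"is_admin": True}),
        "fixed_idor": lambda: get_invoice(db, 1, 11),
        "fixed_function_level": lambda: delete_user(db, 2, 1),
        "fixed_legit_profile_update": lambda: update_profile(db, 2, {"email": "bob@example.test"}),
    }
    for name, call in attempts.items():
        try:
            call()
            results[name] = "allowed"
        except Forbidden:
            results[name] = "forbidden"
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```

The point of the single authorise() function is the one the post makes: all three bugs are the same missing server-side decision, and once the decision lives in one place, the only remaining per-handler work is an allowlist of client-writable fields (for mass assignment) and passing the right resource to the check (for IDOR).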