StackHawk Documentation (HawkDocs)

API Enhanced Broken Object Level Authorization

Reference
Plugin ID: 40055
CWE: 639
WASC: 2
Risk: High
Scan type: Active
Category: Access Control

Remediation

To mitigate Enhanced Broken Object Level Authorization vulnerabilities, implement the following security measures:

  1. Object-Level Access Controls: On every request that references an object by identifier (path parameter, query string, or request body), check that the authenticated principal is permitted to act on that specific object. Being authenticated, or holding a role, is not a substitute for this per-object check.

  2. Resource Ownership Validation: Load the object first, then compare its owner (or an explicit access-control list) against the caller before reading, updating, or deleting it. Fail a request for an object the caller does not own the same way as a request for a nonexistent object, so that identifiers cannot be enumerated through differing responses.

  3. Consistent Authorization: Enforce the check in one place (middleware, a decorator, or the data-access layer) and apply it to every endpoint and HTTP method that touches the object, including bulk, export, and administrative routes that are easy to overlook.

  4. Audit Logging: Record the caller, object identifier, action, and outcome of each object access, and alert when a single principal is denied across many distinct identifiers, which is what an enumeration attempt looks like.
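The four measures above, worked through in one runnable example. This is added illustration, not StackHawk's code or scanner logic: the `Document`, `Store`, `AuditEvent` types, the `owner_required` decorator, the handler names, and the sample data are all assumptions constructed for the example. `read_document_vulnerable` is the BOLA pattern (lookup by id only); the decorated handlers perform ownership validation, apply it uniformly to read, update, and delete, write an audit entry for every attempt, and return 404 for both "missing" and "not yours". `probe_bola` mimics the two-user check a scanner performs, and `enumeration_suspects` shows how the audit log can surface an enumeration attempt.

```python
import functools
import logging
from dataclasses import dataclass, field

log = logging.getLogger("audit")


@dataclass
class Document:
    doc_id: int
    owner: str
    body: str


@dataclass
class AuditEvent:
    user: str
    doc_id: int
    action: str
    allowed: bool


@dataclass
class Store:
    docs: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)


def build_sample_store():
    """Constructed sample data (not real records): two users, one document each."""
    s = Store()
    s.docs[1] = Document(1, "alice", "alice: Q3 invoice")
    s.docs[2] = Document(2, "bob", "bob: draft contract")
    return s


def read_document_vulnerable(store, requester, doc_id):
    """BOLA: the caller is authenticated, but ownership of doc_id is never checked."""
    doc = store.docs.get(doc_id)
    return (404, None) if doc is None else (200, doc.body)


def owner_required(handler):
    """Run the ownership check and audit entry on every object access, whatever
    the verb. The wrapped handler receives the already-authorized Document.
    'Missing' and 'not yours' both yield 404 so ids cannot be enumerated."""
    @functools.wraps(handler)
    def wrapper(store, requester, doc_id, *args):
        doc = store.docs.get(doc_id)
        allowed = doc is not None and doc.owner == requester
        store.audit.append(AuditEvent(requester, doc_id, handler.__name__, allowed))
        if not allowed:
            log.warning("denied %s: user=%s doc_id=%s", handler.__name__, requester, doc_id)
            return 404, None
        return handler(store, requester, doc, *args)
    return wrapper


@owner_required
def read_document(store, requester, doc):
    return 200, doc.body


@owner_required
def update_document(store, requester, doc, new_body):
    doc.body = new_body
    return 200, doc.body


@owner_required
def delete_document(store, requester, doc):
    del store.docs[doc.doc_id]
    return 204, None


def probe_bola(handler, store, victim, attacker, doc_id):
    """Scanner-style check: an object the victim can read must not also be
    readable by a different authenticated user. True means the handler is
    vulnerable. Only use with a read handler, since it issues real requests."""
    status_victim, _ = handler(store, victim, doc_id)
    status_attacker, _ = handler(store, attacker, doc_id)
    return status_victim == 200 and status_attacker == 200


def enumeration_suspects(store, threshold=3):
    """Detection over the audit log: principals denied on `threshold` or more
    distinct object ids, the signature of id guessing."""
    denied = {}
    for e in store.audit:
        if not e.allowed:
            denied.setdefault(e.user, set()).add(e.doc_id)
    return sorted(u for u, ids in denied.items() if len(ids) >= threshold)


if __name__ == "__main__":
    s = build_sample_store()
    print("vulnerable handler leaks:", probe_bola(read_document_vulnerable, s, "alice", "bob", 1))
    print("hardened handler leaks:  ", probe_bola(read_document, s, "alice", "bob", 1))
    for guessed_id in range(10, 14):
        read_document(s, "bob", guessed_id)
    print("enumeration suspects:", enumeration_suspects(s))
```

The decorator is the point of measure 3: because the lookup and ownership comparison live in one wrapper, adding a new verb cannot silently skip the check, and the audit entry is written even for denied requests, which is what the detection query needs.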

About

Broken Object Level Authorization (BOLA) occurs when an API endpoint accepts an object identifier from the client and returns or modifies that object without confirming that the authenticated caller is authorized for it, so one user can reach another user's resources simply by substituting identifiers. The Enhanced check is a variant of the BOLA rule that covers more elaborate object access control bypasses than the basic check. This corresponds to OWASP API Security Top 10 2023 - API01: Broken Object Level Authorization.

Risks

Enhanced BOLA vulnerabilities can result in:

  • Unauthorized access to user objects and data
  • Horizontal privilege escalation attacks
  • Data exposure across user boundaries
  • Violation of data privacy and isolation
  • Potential for large-scale data breaches
