
yoloClin | 4 years ago

Broken access control is things like direct object vulnerabilities and authorisation bypasses _as well_ as broken authentication controls.

I'm not saying you're wrong, and agree that security should never be a 'premium' product, but it's important to identify that it isn't _just_ limited to authentication.

That being said, messing with SAML/OAuth assertions is generally pretty fruitful when pentesting, and MFA is something I'd recommend in almost all public-facing applications.
