Request a DemoBroken Access Control (BAC) is the way in which attackers bypass a web application’s access control, also known as authorization, to resources and functions, granting authorization to some users and denying it to others. Common examples of broken access control include insecure user ID’s, client-side caching, forced browsing to authenticated pages, elevation of privilege, and more. The ramifications of BAC range from viewing unauthorized content to harmful application takeover.
BAC was listed as the #1 most critical security risk to web applications in the 2021 OWASP Top Ten.
