BOLA Broken Object Level Authorization

The Broken Object Level Authorization (BOLA) vulnerability, often also referred to as Insecure Direct Object Reference (IDOR), is the most severe and most common API vulnerability today.

Broken Object Level Authorization happens when an application does not correctly verify that the user making a request is authorized to access the specific object that the request identifies, for example a resource belonging to another user: the request is authenticated, but the object it names is never tied back to the caller. Almost every company has APIs that are vulnerable to BOLA.

References:
https://owasp.org/www-project-api-security/
https://heimdalsecurity.com/blog/what-is-broken-object-level-authorization-bola/
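As an added illustration (not code from the original page), a minimal object lookup in its BOLA-prone form beside its corrected form, plus a regression check a team can keep in CI; the names Invoice, INVOICES, get_invoice_vulnerable, get_invoice_fixed and leaks_across_users are assumptions and the sample data is constructed.

```python
from dataclasses import dataclass


class NotFound(Exception):
    """Raised when the object does not exist or the caller is not entitled to it."""


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner_id: int
    amount: float


# Constructed sample data: two users, each owning one invoice.
INVOICES = {
    101: Invoice(101, owner_id=1, amount=49.99),
    102: Invoice(102, owner_id=2, amount=1200.00),
}


def get_invoice_vulnerable(requester_id: int, invoice_id: int) -> Invoice:
    """BOLA: the object is fetched by the client-supplied id alone.
    Authentication happened (requester_id is known), but nothing ties the
    requester to the object, so any user can read any invoice."""
    try:
        return INVOICES[invoice_id]
    except KeyError:
        raise NotFound(invoice_id)


def get_invoice_fixed(requester_id: int, invoice_id: int) -> Invoice:
    """Object-level authorization: after fetching, verify the requester owns
    (or is otherwise entitled to) this specific object. Answering NotFound in
    both cases avoids confirming to an unauthorized caller that the id exists."""
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice.owner_id != requester_id:
        raise NotFound(invoice_id)
    return invoice


def leaks_across_users(handler) -> bool:
    """Regression check: can any user read an object owned by someone else
    through this handler? True means the handler is BOLA-prone."""
    all_owners = {inv.owner_id for inv in INVOICES.values()}
    for inv in INVOICES.values():
        for other in all_owners - {inv.owner_id}:
            try:
                handler(other, inv.invoice_id)
                return True
            except NotFound:
                continue
    return False
```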
