A7 – Ensuring function level access control

The function level access control is the type of access control that prevents the calling of functions by anonymous or unauthorized users. The lack of this kind of control is the seventh most critical security issue in Web applications according to OWASP.

In this recipe, we will see some recommendations to improve the access control of our applications at the function level.

How to do it...

  1. Ensure that the workflow's privileges are correctly checked at every step.
  2. Deny all access by default and then allow tasks after an explicit verification of authorization.
  3. Users, roles, and authorizations should be stored in a flexible media, such as a database or a configuration file. Do not hardcode them.
  4. Again, "Security ...

Get Kali Linux Web Penetration Testing Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial