API Security: Broken Object Level Authorization
Introduction:
Application Programming Interface/API:
To make communication easier between two or more applications, an API provides an intermediary layer through which they can exchange calls. It can also be used across platforms: a single API is enough to handle the calls from the Android app, the iOS app, and the web app. If you want to dive deeper, you can read my previous blog on this:
API Security: Lack of Resources
What is Broken Object Level Authorization/BOLA?
This is also known as Insecure Direct Object Reference (IDOR). An attacker manipulates the ID of a resource at the time of the API call and accesses a resource belonging to another user, one they have no authorization for. This exists due to the lack of an authorization check on that particular endpoint.
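The following is an added example, not code from the original post. It models the BOLA pattern described above in plain Python (no web framework): a "vulnerable" handler that trusts the caller to only ask for its own records, beside a "secure" handler that enforces ownership on every lookup using the identity from the session rather than anything in the request. The invoice store, the user ids and the function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional


class AuthorizationError(Exception):
    """Raised when a caller requests an object it is not allowed to read."""


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner_id: int
    amount: float


# Constructed sample data: two users, each owning one invoice.
INVOICES: Dict[int, Invoice] = {
    1001: Invoice(invoice_id=1001, owner_id=1, amount=120.0),
    1002: Invoice(invoice_id=1002, owner_id=2, amount=980.5),
}


def get_invoice_vulnerable(caller_id: int, invoice_id: int) -> Optional[Invoice]:
    """BOLA-prone handler.

    caller_id is the authenticated identity (assumed to come from the session or
    token), but it is never compared with the record's owner. Any authenticated
    user who changes invoice_id in the request receives the record.
    """
    return INVOICES.get(invoice_id)


def get_invoice_secure(caller_id: int, invoice_id: int) -> Invoice:
    """Hardened handler: object-level authorization on every lookup.

    The ownership check uses the identity from the session, never a user id
    supplied in the URL or request body.
    """
    invoice = INVOICES.get(invoice_id)
    # Same error for "does not exist" and "not yours", so the endpoint does not
    # reveal which ids are valid to someone enumerating them.
    if invoice is None or invoice.owner_id != caller_id:
        raise AuthorizationError("invoice not found or not accessible")
    return invoice


def can_access(caller_id: int, invoice_id: int) -> bool:
    """True if the secure handler lets caller_id read invoice_id."""
    try:
        get_invoice_secure(caller_id, invoice_id)
        return True
    except AuthorizationError:
        return False


if __name__ == "__main__":
    # User 1 asks for user 2's invoice by changing the id in the call.
    print("vulnerable handler returns:", get_invoice_vulnerable(caller_id=1, invoice_id=1002))
    print("secure handler, own invoice:", can_access(1, 1001))
    print("secure handler, other user's invoice:", can_access(1, 1002))
```

The important design point is where the identity comes from: the secure handler compares the record's owner against the session's user, so the check cannot be bypassed by editing parameters. Returning one generic error for both missing and foreign ids is a small extra that stops the endpoint from confirming which ids exist.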
This is a very common vulnerability in APIs; its severity depends upon the information that is disclosed through it. Applications are sometimes complex, and while…