Safeguard
Tag

broken-access-control

Safeguard articles tagged "broken-access-control" — guides, analysis, and best practices for software supply chain and application security.

11 articles

Application Security

AI-driven DAST for modern applications

73% of open-source developers now use AI coding tools. Dynamic testing built for nightly crawls can't keep pace with apps that reshape their attack surface daily.

Jul 9, 20267 min read
Application Security

Broken access control in Express: the OWASP #1 risk, fixed with middleware

Broken access control now shows up in 100% of tested applications, per OWASP's 2025 Top 10 — up from 94% in 2021. Here's how to close it in Express.

Jul 8, 20266 min read
Vulnerability Analysis

Confluence Broken Access Control Zero-Day (CVE-2023-22515) Explained

CVE-2023-22515 let unauthenticated attackers create rogue administrator accounts on Confluence Data Center and Server. Here's the broken-access-control flaw and how to fix it.

Jul 7, 20265 min read
Security Guides

OWASP A01: Broken Access Control — A Deep-Dive Guide

Broken Access Control is the #1 OWASP Top 10 (2021) risk. A deep dive into IDOR, missing authorization, real CVEs, and how to detect and fix it in 2026.

Jul 1, 20267 min read
Application Security

Preventing broken access control in Express.js applications

Express.js ships with no built-in authorization layer, making broken access control easy to introduce and hard to catch with pattern-based scanners.

Apr 17, 20267 min read
Vulnerability Analysis

What is Broken Access Control

Broken access control is OWASP's #1 web risk, found in 94% of apps tested. See how IDOR flaws breached First American, USPS, and Parler.

Mar 28, 20266 min read
Vulnerability Analysis

What is Insecure Direct Object Reference (IDOR)

IDOR lets attackers access other users data just by changing an ID in a URL or API call. Learn how it works, real breaches, and how to fix it.

Mar 28, 20267 min read
Incident Analysis

Confluence Zero-Day Lessons: What CVE-2023-22515 Showed About SaaS-Adjacent On-Prem Risk

The Confluence broken access control zero-day from October 2023 hit thousands of self-hosted instances. A 2026 look at the exploit, the response, and the durable lessons.

Mar 5, 20265 min read
Vulnerability Analysis

Insecure direct object reference (IDOR) explained

IDOR lets attackers access other users' data by editing an ID in a request. See how it broke USPS, Panera, and First American — and how to actually fix it.

Dec 9, 20256 min read
Vulnerability Analysis

Broken access control explained

Broken access control has topped OWASP's Top 10 since 2021. See real breaches, common patterns like IDOR, and how to detect and fix them.

Dec 9, 20257 min read
Industry Analysis

Broken Function Level Authorization (BFLA) in APIs

BFLA lets a regular user call admin-only API functions. Here's how the USPS, Peloton, and Coinbase incidents happened — and how to catch it before attackers do.

Nov 7, 20257 min read
broken-access-control — Safeguard Blog