broken-object-level-authorization
Safeguard articles tagged "broken-object-level-authorization" — guides, analysis, and best practices for software supply chain and application security.
6 articles
OWASP API Security Top 10 Explained
The 2023 OWASP API Security Top 10 explained with real breaches — T-Mobile, Optus, Peloton — plus what changed since 2019 and how to prioritize fixes.
What is Broken Object Level Authorization (BOLA)
BOLA lets attackers swap an object ID in an API request to pull someone else's data. Here's how it works, real breaches, and how to stop it.
What is an API Gateway and Its Security Role
An API gateway centralizes auth, routing, and rate limiting for every request — get it wrong and, as T-Mobile and Optus learned, millions of records leak.
Broken Object Level Authorization (BOLA/IDOR) in APIs
BOLA/IDOR has topped the OWASP API Security Top 10 since 2019. Here's how USPS, Peloton, and Parler got breached by it—and how to catch it before you do.
The OWASP Top 10 API Security Risks, Explained
The OWASP Top 10 API Security Risks reorder the classic web vulnerability list around how APIs actually get broken — object-level authorization failures beat injection as the most common real-world root cause.
BOLA: Broken Object Level Authorization, Explained
A bola vulnerability lets one authenticated user reach another user's data just by changing an ID in a request — no exploit code required, which is exactly why scanners miss it so often.