Safeguard
Tag

broken-object-level-authorization

Safeguard articles tagged "broken-object-level-authorization" — guides, analysis, and best practices for software supply chain and application security.

6 articles

Application Security

OWASP API Security Top 10 Explained

The 2023 OWASP API Security Top 10 explained with real breaches — T-Mobile, Optus, Peloton — plus what changed since 2019 and how to prioritize fixes.

Mar 10, 20267 min read
Application Security

What is Broken Object Level Authorization (BOLA)

BOLA lets attackers swap an object ID in an API request to pull someone else's data. Here's how it works, real breaches, and how to stop it.

Mar 9, 20267 min read
Application Security

What is an API Gateway and Its Security Role

An API gateway centralizes auth, routing, and rate limiting for every request — get it wrong and, as T-Mobile and Optus learned, millions of records leak.

Mar 9, 20268 min read
Industry Analysis

Broken Object Level Authorization (BOLA/IDOR) in APIs

BOLA/IDOR has topped the OWASP API Security Top 10 since 2019. Here's how USPS, Peloton, and Parler got breached by it—and how to catch it before you do.

Nov 7, 20258 min read
AppSec

The OWASP Top 10 API Security Risks, Explained

The OWASP Top 10 API Security Risks reorder the classic web vulnerability list around how APIs actually get broken — object-level authorization failures beat injection as the most common real-world root cause.

Sep 9, 20256 min read
Vulnerabilities

BOLA: Broken Object Level Authorization, Explained

A bola vulnerability lets one authenticated user reach another user's data just by changing an ID in a request — no exploit code required, which is exactly why scanners miss it so often.

Jul 24, 20255 min read
broken-object-level-authorization — Safeguard Blog