nach oben

Erschienen in:

2024 | OriginalPaper | Buchkapitel

An Investigation of Broken Access Control Types, Vulnerabilities, Protection, and Security

verfasst von : Elaf Almushiti, Raseel Zaki, Nora Thamer, Rima Alshaya

Erschienen in: Advances in Emerging Information and Communication Technology

Verlag: Springer Nature Switzerland

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

In the OWASP Top 10 Version 2021, the Broken Access Control is ranked first position. That means it is the most exploited vulnerability today by attackers. Because if the attacker can break the access control, he can take administrator privileges and compromise the entire web application. After that, he can launch any type of attack for his purpose. That was the cause of why it was most targeted. In this search, we will present the Broken Access Control vulnerability. First, we talk about its history and then present an overview. After that, we show some research related to our search. Then we reviewed the web application vulnerabilities that attackers may exploit to break the access control. Finally, we talk about protection and security that should be taken against attackers who exploit this vulnerability.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Teleworking in Service of Work–Family Balance

Nächstes Kapitel Considering Uncertainty Expression in Sentiment Analysis and Tweet Classification

THE OWASP®. OWASP Foundation, the Open Source Foundation for Application Security—OWASP Foundation. (n.d.), https://owasp.org/. Last accessed 20 Sept 2023

A. Alotaibi, L. Alghufaili, D.M. Ibrahim, Cross site scripting attack review. ISC Int. J. Inf. Secur. 13(3), 21–30 (2021)

Access control vulnerabilities and privilege escalation. Web Security Academy. (n.d.), https://portswigger.net/web-security/access-controlvertical-access-controls. Last accessed 20 Sept 2023

M.S. Albulayhi, D.M. Ibrahim, Open web application security project components with known vulnerabilities: a comprehensive study. ISC Int. J. Inf. Secur. 13(3), 59–67 (2021)

S. Alotaibi, K. Alharbi, B. Abaalkhail, D.M. Ibrahim, Sensitive data exposure: data forwarding and storage on cloud environment. Int. J. Online Biomed. Eng. 17(14), 4–18 (2021)CrossRef

A.H. Alrobaish, W.F. Al-mutairi, H.A. Alsuqayhi, D.M. Ibrahim, Common attacks on near field communication technology, in 2nd International Conference on Computing and Information Technology (ICCIT), (IEEE, Tabuk, 2022), pp. 110–114

M.M. Hassan, M.A. Ali, T. Bhuiyan, S. Biswas, Quantitative assessment on broken access control vulnerability in web applications, in International Conference on Cyber Security and Computer Science 2018, (2018)

V.C. Hu, D.F. Ferraiolo, D. Rick Kuhn, Assessment of Access Control Systems – csrc.nist.rip. (2006), https://csrc.nist.rip/external/nvlpubs.nist.gov /nist-pubs/Legacy/IR/nistir7316.pdf. Last accessed 20 Sept 2023

H. Aljoaey, K. Almutawa, R. Alabdali, D.M. Ibrahim, Broken authentication and session management vulnerabilities. ISC Int. J. Inf. Secur. 13(3), 11–19 (2021)

10.

D. Stuttard, P. Marcus, The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws (Wiley, 2011)

11.

K. Pan, amp; Wang, Q., Static detection of access control vulnerabilities in vue applications. J. Phys. Conf. Ser. 1646(1), 012021 (2020)CrossRef

12.

M. Alsalamah, H. Alwabli, H. Alqwifli, D.M. Ibrahim, A review study on SQL injection attacks, prevention, and detection. ISC Int. J. Inf. Secur. 13(3), 1–10 (2021)

13.

H.G. Song, Y. Kim, K.G. Doh, Automatic detection of access control vulnerabilities in web applications by URL crawling and forced browsing. Inf. Sci. Technol. 3(2), 482–486 (2012)

14.

F. Sun, L. Xu, Z. Su, Static detection of access control vulnerabilities in web applications, in 20th USENIX Security Symposium (USENIX Security 11), 64(1) (2011)

15.

Broken Access Control, https://owasp.org/www-community/BrokenAccessControl. Last accessed 20 Sept 2023

16.

What Is Broken Access Control Vulnerability, https://www.eccouncil.org/cybersecurity-exchange/web-application-hacking/broken-access-control-vulnerability. Last accessed 20 Sept 2023

17.

D. Stuttard, M. Pinto, J.J. Pauli, The web application hacker’s Handbook: Finding and exploiting security flaws (Wiley, 2012)

18.

Access control vulnerabilities and privilege escalation, https://portswigger.net/web-security/access-control. Last accessed 20 Sept 2023

19.

M. Rennhard, M. Kushnir, O. Favre, D. Esposito, V. Zahnd, Automating the detection of access control vulnerabilities in web applications. SN Comput. Sci. 3(5), 376 (2022)CrossRef

20.

Son, S., Shmatikov, V., McKinley, K. S., FixMeUp: repairing access-control bugs in web applications. Microsoft Research, NDSS. https://www.microsoft.com/en-us/research/publication/fixmeup-repairing-access-control-bugs-in-web-applications/. Last accessed 20 Sept 2023

21.

A comprehensive guide to broken access control. PurpleBox (2022), https://www.prplbx.com/broken-access-control/. Last accessed 20 Sept 2023

22.

Wallarm, A5: Broken Access Control! – top 10 owasp 2022. RSS (n.d.), http://www.wallarm.com/what/a5-broken-access-control-2017-owasp. Last accessed 20 Sept 2023

Titel: An Investigation of Broken Access Control Types, Vulnerabilities, Protection, and Security
verfasst von: Elaf Almushiti
Raseel Zaki
Nora Thamer
Rima Alshaya
Verlag: Springer Nature Switzerland
Buch: Advances in Emerging Information and Communication Technology
Print ISBN: 978-3-031-53236-8

Electronic ISBN: 978-3-031-53237-5

Copyright-Jahr: 2024
DOI: https://doi.org/10.1007/978-3-031-53237-5_16

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner