In this article, I dig into the details about Broken Object Level Authorization (BOLA) — the most common and most severe API vulnerability today according to the OWASP API Security Project. Insecure Direct Object Reference (IDOR) and BOLA are the same thing. The name was changed from IDOR to BOLA as part of the project.
Code scanning performed by Static Application Security Testing tools helps developers find vulnerabilities even as they write code, but at a cost.
Lacking the power of AI and machine learning, common security technologies miss API attacks by not seeing the broader business context. Here’s what happened at Shopify.
Even the largest companies in the world are susceptible to API vulnerabilities. How modern security defenses fail — and how to fix them.
DAST tools provide pentesters with a hacker’s-eye-view of system vulnerabilities. What are the advantages and disadvantages of this important security tool?
Most security defenses would have missed the Uber API authorization vulnerability. Here’s why.
Part II: API Security in Modern Applications
Part I: What are Modern Applications