BOLA Risk Mitigation Strategies - Whitepaper
In this whitepaper
APIs tend to expose endpoints that handle object identifiers, creating a wide attack surface of object-level access control issues. Checks for Broken Object-Level Authorization (BOLA) should be considered in every function that accesses a data source using input from the user.
This whitepaper examines:
- why BOLA is considered the #1 risk on the OWASP Top 10 list
- the causes of BOLA API risks
- the difficulty in detecting and fixing BOLA risks
- recommendations for securing APIs