BOLA Risk Mitigation Strategies - Whitepaper

In this whitepaper

APIs tend to expose endpoints that handle object identifiers, creating a wide attack surface for object-level access control issues. Broken Object-Level Authorization (BOLA) arises when these checks are missing, so object-level authorization checks should be considered in every function that accesses a data source using input from the user.
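To make the recommendation above concrete, here is an added example (not from the whitepaper) that places a fetch-by-id handler without an ownership check beside a hardened version where the check lives inside the data-access function itself; the `Invoice` store and user ids are constructed sample data.

```python
# Added example (not from the whitepaper): object-level authorization on an
# API that fetches records by a user-supplied id. All data is constructed.
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the caller may not access the requested object."""


@dataclass(frozen=True)
class Invoice:
    id: int
    owner_id: int
    amount_cents: int


# Constructed sample data: two invoices owned by two different users.
INVOICES = {
    101: Invoice(id=101, owner_id=1, amount_cents=4500),
    202: Invoice(id=202, owner_id=2, amount_cents=9900),
}


def get_invoice_bola(caller_id: int, invoice_id: int) -> Invoice:
    """Vulnerable: the caller is authenticated, but ownership is never
    checked, so any logged-in user can read any invoice by its id."""
    return INVOICES[invoice_id]


def get_invoice_safe(caller_id: int, invoice_id: int) -> Invoice:
    """Hardened: the ownership check is part of the data-access function,
    so every code path that fetches by id enforces it."""
    inv = INVOICES.get(invoice_id)
    # One error for both "missing" and "not yours": the response then does
    # not reveal which object ids exist in the store.
    if inv is None or inv.owner_id != caller_id:
        raise Forbidden(f"invoice {invoice_id} not accessible")
    return inv


def probe(fetch, caller_id: int, invoice_id: int) -> str:
    """Demo helper: report whether a fetch was allowed or denied."""
    try:
        fetch(caller_id, invoice_id)
        return "allowed"
    except (Forbidden, KeyError):
        return "denied"


if __name__ == "__main__":
    for name, fn in (("vulnerable", get_invoice_bola), ("hardened", get_invoice_safe)):
        print(f"{name}: user 1 reading invoice 202 -> {probe(fn, 1, 202)}")
```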

This whitepaper examines:

  • why BOLA is considered the #1 risk on the OWASP Top 10 list
  • the causes of BOLA API risks
  • the difficulty in detecting and fixing BOLA risks
  • recommendations for securing APIs