OWASP / API-Security

OWASP API Security Project
https://owasp.org/www-project-api-security/

Broken Object Level Access Control Prevention #14

Closed emilva closed 5 years ago

emilva commented 5 years ago

Not sure if this has been discussed earlier, but I would consider proper integration tests as a preventive mechanism to broken access control. By writing tests for access controls you will get a guarantee that it will not happen, and you will (should) break the build and not deploy the vulnerable changes to production. This of course requires a thorough test suite, with all the "bad" cases covered, and also mechanisms to detect when new API endpoints are added without test coverage.
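The suggestion above, as an added example that is not part of the issue or the OWASP project's code: a toy in-memory API with an object-level check, a registry of cross-user "bad" cases that each endpoint must refuse, and a guard that lists endpoints added without such a test so the build can fail. The endpoint names, users and order data are constructed for illustration.

```python
# Added example, not code from the OWASP project: an in-memory API with
# object-level checks, one negative test per endpoint, and a coverage guard.
ORDERS = {"o-1": {"owner": "alice", "total": 42},   # constructed sample data
          "o-2": {"owner": "bob", "total": 17}}

class Forbidden(Exception):
    pass

ROUTES = {}          # endpoint name -> handler
NEGATIVE_TESTS = {}  # endpoint name -> [(caller, object_id)] that must be denied

def route(name):
    def deco(fn):
        ROUTES[name] = fn
        return fn
    return deco

def deny_case(name, caller, object_id):
    """Register a cross-user access attempt that the endpoint must refuse."""
    NEGATIVE_TESTS.setdefault(name, []).append((caller, object_id))

@route("GET /orders/{id}")
def get_order(caller, order_id):
    order = ORDERS[order_id]
    if order["owner"] != caller:      # the object-level check under test
        raise Forbidden(order_id)
    return order

@route("DELETE /orders/{id}")
def delete_order(caller, order_id):
    return {"deleted": order_id}      # owner check missing, and no deny_case registered

deny_case("GET /orders/{id}", "bob", "o-1")

def is_denied(name, caller, object_id):
    try:
        ROUTES[name](caller, object_id)
        return False
    except Forbidden:
        return True

def run_negative_tests():
    """Map each endpoint to True only if every registered bad case was refused."""
    return {name: all(is_denied(name, c, o) for c, o in cases)
            for name, cases in NEGATIVE_TESTS.items()}

def uncovered_endpoints():
    """Endpoints with no negative test: fail the build instead of deploying."""
    return sorted(set(ROUTES) - set(NEGATIVE_TESTS))
```

Wiring `run_negative_tests()` and `uncovered_endpoints()` into CI gives the two signals the comment asks for: a failing negative case means a missing check shipped, and a non-empty uncovered list means a new endpoint arrived without one.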

inonshk commented 5 years ago

Thanks! Great idea. Added: https://github.com/OWASP/API-Security/pull/19