How does Edgescan test for broken object level authorization?
Edgescan includes broken object level authorization (BOLA) as part of its testing; for APIs it is covered as API1:2023.
Version Number: v1.0.1
Published Date: 9 Apr 2024
____________________________________________________________________________
Broken object level authorization (BOLA) produces some of the most interesting findings, and these are often assumed to need manual detection. However, Edgescan can still automate surface-level checks: it identifies UUIDs in use that are considered weak, and it requests an incremented UUID to look for a difference in response, which may be due to the API not checking permissions on calls.
It also detects administrator endpoints using an administrator-authenticated account and records which of those endpoints are still accessible without authentication.
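
The identifier checks described above, as an added example that is not Edgescan's own code: it flags weak identifiers and requests the next ID, run against a constructed in-memory endpoint with and without an ownership check. The invoice data, the handler names and the definition of "weak" (sequential integers or non-version-4 UUIDs) are assumptions made for illustration.

```python
import uuid

# Constructed sample data: two invoices owned by two different test accounts.
INVOICES = {
    "1001": {"owner": "alice", "total": 40},
    "1002": {"owner": "bob", "total": 75},
}

def get_invoice_vulnerable(user, invoice_id):
    """Hypothetical handler: any authenticated caller gets any record."""
    rec = INVOICES.get(invoice_id)
    return (200, rec) if rec else (404, None)

def get_invoice_checked(user, invoice_id):
    """Same lookup with an ownership check; 404 avoids confirming the id exists."""
    rec = INVOICES.get(invoice_id)
    if rec is None or rec["owner"] != user:
        return (404, None)
    return (200, rec)

def id_is_weak(identifier):
    """Assumed definition of weak: a sequential integer, or a UUID that is
    not random version 4 (for example time-based version 1)."""
    if identifier.isdigit():
        return True
    try:
        return uuid.UUID(identifier).version != 4
    except ValueError:
        return False  # neither integer nor UUID: outside this check

def neighbour_check(handler, user, own_id):
    """Fetch the caller's own record, then the next id. A 200 that differs from
    the baseline and belongs to another owner means the check is missing."""
    baseline = handler(user, own_id)
    next_id = str(int(own_id) + 1)
    status, rec = handler(user, next_id)
    if status == 200 and (status, rec) != baseline and rec["owner"] != user:
        return [next_id]
    return []

if __name__ == "__main__":
    print("weak id:", id_is_weak("1001"))
    print("vulnerable:", neighbour_check(get_invoice_vulnerable, "alice", "1001"))
    print("checked:", neighbour_check(get_invoice_checked, "alice", "1001"))
```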