How does Edgescan perform Broken object level authorization?

Edgescan includes Broken object level authorization as part of testing, and for API it's included as API1:2023.

Version Number: v1.0.1

Published Date: 9 Apr 2024

____________________________________________________________________________


Broken object level authorization (BOLA) findings are among the most interesting, and they are often assumed to require manual detection. Edgescan can still automate a surface-level check: it identifies object identifiers (UUIDs) that are set in a weak or predictable way, requests the same endpoint with an incremented identifier, and looks for a difference in the response, which may indicate that the API is not checking permissions on each call.

Edgescan also detects administrator endpoints by crawling with an administrator-authenticated account and records which of those endpoints remain accessible without authentication.
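The two checks described above, as an added example that is not Edgescan's code: a minimal API handler with the BOLA lookup beside a hardened version, plus the differential incremented-identifier check and the unauthenticated-access check a regression test can run against it. Users, invoice ids and amounts are constructed sample data.

```python
# Added example (not Edgescan's code): the BOLA pattern the page describes,
# with a vulnerable lookup beside a hardened one, and the two surface-level
# checks a scanner or regression test can run. All data below is constructed.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Principal:
    user_id: str
    role: str            # "user" or "admin"

# Constructed sample store: sequential ids make neighbouring objects guessable.
INVOICES = {
    1001: {"owner": "alice", "amount": 120},
    1002: {"owner": "bob",   "amount": 75},
}

def get_invoice_vulnerable(caller: Optional[Principal], invoice_id: int) -> tuple[int, dict]:
    """Looks the object up by id only; never checks caller or ownership (BOLA)."""
    inv = INVOICES.get(invoice_id)
    if inv is None:
        return 404, {}
    return 200, inv

def get_invoice_hardened(caller: Optional[Principal], invoice_id: int) -> tuple[int, dict]:
    """Authenticates, then enforces object-level authorization on every call."""
    if caller is None:
        return 401, {}
    inv = INVOICES.get(invoice_id)
    # Same 404 for "missing" and "not yours", so the response does not reveal
    # whether a neighbouring id exists.
    if inv is None or (inv["owner"] != caller.user_id and caller.role != "admin"):
        return 404, {}
    return 200, inv

def bola_differential_check(handler, caller: Principal, own_id: int) -> bool:
    """Incremented-id check: does own_id + 1 return another user's object?
    True means the handler leaked a neighbouring object."""
    own_status, _ = handler(caller, own_id)
    nbr_status, nbr_body = handler(caller, own_id + 1)
    return own_status == 200 and nbr_status == 200 and nbr_body.get("owner") != caller.user_id

def unauthenticated_access_check(handler, object_ids) -> list[int]:
    """Unauthenticated check: which objects still answer 200 with no caller at all?"""
    return [oid for oid in object_ids if handler(None, oid)[0] == 200]
```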