- Help Center
- Scanning & Testing
- API Testing
-
Getting Started
-
Platform Overview
-
Scanning & Testing
-
Troubleshooting Asset Blockers
-
Vulnerability Management
-
Attack Surface Management
-
Continuous Threat Exposure Management (CTEM)
-
Integrations
-
Reporting
-
Security Best Practices
-
Advanced Features & Customizations
-
Troubleshooting & FAQs
-
Updates & Announcements
How does Edgescan perform Broken function level authorization?
Edgescan includes Broken object level authorization in all API Testing
Version Number: v1.0.1
Published Date: 9 Apr 2024
____________________________________________________________________________
Although commonly mistaken for manual testing, it is still possible to cover some of the surface level with automation such as if user credentials are used, we commonly may see an endpoint in the URL such as /api/user/profile in which case a regex is used to replace /user/ with /admin/ and perform a DIFF but manual intervention is always recommended for a higher level of coverage.