WEBVTT

00:00.680 --> 00:09.230
Broken access control occurs if a user is able to access unauthorized resources directly without proper

00:09.230 --> 00:18.200
authentication. Unauthorized resources can be web pages, databases and directories. Applications have

00:18.200 --> 00:26.120
various account types depending on the users, such as admin, operators, reporting group, etc. One common

00:26.120 --> 00:35.630
problem is that developers restrict access to these accounts on the UI side and neglect putting the

00:35.630 --> 00:45.860
same restrictions on the server side. If exploited, an attacker can easily have admin rights. In order

00:45.920 --> 00:50.060
to protect ourselves from broken access control,

00:50.060 --> 00:57.890
it is always important to invalidate tokens and cookies after logout, force a login/logout after a password

00:57.890 --> 01:06.610
change, and secure resources on the server itself and not only from the UI interface.
