A01:2021 · Critical · OWASP Web Top 10 (2021)
Broken Access Control
Restrictions on what authenticated users are allowed to do are often not properly enforced. Attackers can exploit these flaws to access unauthorized functionality and/or data. Related CWEs: CWE-22, CWE-284, CWE-285, CWE-639.