Access Restricted: A Study of Broken Access Control Vulnerabilities

Authors

  • Sadeeq Jan Department of Computer System Engineering, University of Engineering and Technology, Pakistan
  • Safi Ullah Khan Department of Computer System Engineering, University of Engineering and Technology, Pakistan
  • Abdul Wahab Department of Computer System Engineering, University of Engineering and Technology, Pakistan
  • Dr. Mohammad Department of Computer Science & Information Technology, University of Engineering and Technology Peshawar, Pakistan

DOI:

https://doi.org/10.47852/bonviewAAES52024016

Keywords:

broken access control, OWASP Top 10, web application security, vulnerability exploitation, attack vectors, security vulnerabilities, access control mechanisms

Abstract

Broken access control is ranked No. 1 in the OWASP Top 10 list for 2021, meaning it is the weakness in web applications most commonly exploited by attackers today. If an attacker can exploit this vulnerability, they can gain control rights and potentially compromise the entire web application; from that point forward, the attacker can execute various attacks depending on their objectives. That is what makes it the most purposeful. In this research, we reveal the security vulnerabilities of access control in web application systems. We explore case studies of real-world attacks that leverage broken access control, providing a contextual understanding of the impact and implications of these vulnerabilities. Through this research, we aim to contribute to the ongoing efforts to enhance web application security and mitigate the risks associated with broken access control vulnerabilities. We examine vulnerabilities in web applications that attackers can use to compromise access. Finally, we discuss the protection and security measures that should be taken against attackers who use this vulnerability.


Received: 2 August 2024 | Revised: 15 January 2025 | Accepted: 18 February 2025


Conflicts of Interest

The authors declare that they have no conflicts of interest to this work.


Data Availability Statement

Data are available from the corresponding author upon reasonable request.


Author Contribution Statement

Sadeeq Jan: Methodology, Formal analysis, Supervision. Safi Ullah Khan: Conceptualization, Methodology, Software, Validation, Formal analysis, Investigation, Resources, Data curation, Writing - original draft, Writing - review & editing, Visualization, Project administration. Abdul Wahab: Conceptualization, Methodology, Software, Validation, Formal analysis, Investigation, Resources, Data curation, Writing - original draft, Writing - review & editing, Visualization, Project administration. Dr. Mohammad: Investigation, Project administration.


Published

2025-03-11

Section

Research Articles

How to Cite

Jan, S., Khan, S. U., Wahab, A., & Dr. Mohammad. (2025). Access Restricted: A Study of Broken Access Control Vulnerabilities. Archives of Advanced Engineering Science, 1-6. https://doi.org/10.47852/bonviewAAES52024016