← Cybersecurity Alphabet Soup

BOLA

Broken Object Level Authorization

attackshard

Broken Object Level Authorization is the API-focused version of IDOR: an API endpoint accepts an object identifier but never verifies the caller is allowed to access that object. Attackers enumerate identifiers to pull other users' records at scale. It sits at the top of the OWASP API Security Top 10 because modern apps expose so much data through APIs.

Sources

More in attacks