Using Burp to Test Access Controls

Access controls are a critical defense mechanism within the application due to their primary function: they decide whether an application should permit a given request to perform its attempted action or access the resources it is requesting. When they are defective, an attacker can often compromise the entire application, taking control of administrative functionality and accessing sensitive data belonging to every other user.

Use the links below to access various articles on testing for access control vulnerabilities: