ASVS Requirement 8.2.2
- Level: 1
- Chapter: V8 Authorization
- Section: V8.2 General Authorization Design
- Source: 0x17-V8-Authorization.md
Description
Verify that the application ensures that data-specific access is restricted to consumers with explicit permissions to specific data items to mitigate insecure direct object reference (IDOR) and broken object level authorization (BOLA).
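One way to apply this requirement, as an added example that is not part of the ASVS text: a lookup that trusts the requested ID, shown beside a check that requires an explicit per-item grant for the requested action. The `Invoice` model, the `grants` map, the function names and the sample data are all assumptions made for illustration.

```python
from dataclasses import dataclass, field


class NotFound(Exception):
    """Raised for both missing and unauthorized items, so IDs cannot be probed."""


@dataclass
class Invoice:
    invoice_id: int
    owner: str
    amount: int
    # Explicit per-item grants (hypothetical model): consumer -> allowed actions.
    grants: dict = field(default_factory=dict)


# Constructed sample data.
INVOICES = {
    1001: Invoice(1001, "alice", 250, {"alice": {"read", "update"}, "carol": {"read"}}),
    1002: Invoice(1002, "bob", 900, {"bob": {"read", "update"}}),
}


def get_invoice_vulnerable(consumer: str, invoice_id: int) -> Invoice:
    # IDOR/BOLA: the caller is authenticated, but the ID taken from the
    # request is used as-is and never compared against the caller's rights.
    return INVOICES[invoice_id]


def authorize(consumer: str, invoice_id: int, action: str) -> Invoice:
    """Return the item only if this consumer holds an explicit grant for this action."""
    invoice = INVOICES.get(invoice_id)
    # Deny by default: no item, no grant entry, or no matching action all fail.
    if invoice is None or action not in invoice.grants.get(consumer, set()):
        raise NotFound(invoice_id)
    return invoice


def get_invoice(consumer: str, invoice_id: int) -> Invoice:
    return authorize(consumer, invoice_id, "read")


def update_amount(consumer: str, invoice_id: int, amount: int) -> Invoice:
    # Every operation on the item goes through the same per-item check.
    invoice = authorize(consumer, invoice_id, "update")
    invoice.amount = amount
    return invoice
```

Returning the same error for a missing item and a forbidden one is a design choice in this example, not something the requirement mandates.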