ASVS Requirement 8.3.2
- Level: 3
- Chapter: V8 Authorization
- Section: V8.3 Operation Level Authorization
- Source: 0x17-V8-Authorization.md
Description
Verify that changes to values on which authorization decisions are made are applied immediately. Where changes cannot be applied immediately (such as when relying on data in self-contained tokens), there must be mitigating controls to alert when a consumer performs an action when they are no longer authorized to do so and revert the change. Note that this alternative would not mitigate information leakage.
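One way to build the mitigating control for self-contained tokens, as an added example that is not part of ASVS: a reconciliation pass compares each token-authorized action in an audit log with the authoritative revocation times, alerts on stale use, and separates writes that can be reverted from reads that cannot. The record types, field names and sample data are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Revocation:        # authoritative permission change (assumed shape)
    subject: str
    permission: str
    at: int              # epoch seconds when the permission was removed

@dataclass(frozen=True)
class Action:            # audit-log entry (assumed shape)
    id: str
    subject: str
    permission: str
    at: int              # when the action was performed
    token_iat: int       # issue time of the self-contained token that allowed it
    mutating: bool       # True for writes, False for reads

def reconcile(actions, revocations):
    """Return (alerts, to_revert, leaked) for actions allowed by stale token claims."""
    revoked_at = {}
    for r in revocations:  # keep the earliest revocation per (subject, permission)
        key = (r.subject, r.permission)
        revoked_at[key] = min(r.at, revoked_at.get(key, r.at))
    alerts, to_revert, leaked = [], [], []
    for a in sorted(actions, key=lambda x: x.at):
        cutoff = revoked_at.get((a.subject, a.permission))
        # Stale use: token issued before the revocation, action at or after it.
        if cutoff is None or not (a.token_iat < cutoff <= a.at):
            continue
        alerts.append(f"{a.subject} used {a.permission} "
                      f"{a.at - cutoff}s after revocation (action {a.id})")
        # Writes can be rolled back; reads have already disclosed data.
        (to_revert if a.mutating else leaked).append(a.id)
    return alerts, to_revert, leaked

# Constructed sample data: alice loses two permissions at t=1000.
REVOCATIONS = [Revocation("alice", "invoice:approve", 1000),
               Revocation("alice", "invoice:read", 1000)]
ACTIONS = [Action("a1", "alice", "invoice:approve", 900, 800, True),
           Action("a2", "alice", "invoice:approve", 1100, 800, True),
           Action("a3", "alice", "invoice:read", 1200, 800, False),
           Action("a4", "bob", "invoice:approve", 1300, 1250, True)]

if __name__ == "__main__":
    alerts, to_revert, leaked = reconcile(ACTIONS, REVOCATIONS)
    print("\n".join(alerts), "\nrevert:", to_revert, "\nleaked (not revertible):", leaked)
```

The `leaked` list corresponds to the requirement's closing note: a read performed with a stale token can be alerted on but not undone.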