by yoloClin
1702 days ago
Broken access control is things like direct object vulnerabilities and authorisation bypasses _as well_ as broken authentication controls. I'm not saying you're wrong, and agree that security should never be a 'premium' product, but it's important to identify that it isn't _just_ limited to authentication. That being said, messing with SAML/OAuth assertions is generally pretty fruitful when pentesting, and MFA is something I'd recommend in almost all public-facing applications.