CompTIA CySA+ CS0-003: Broken access control

Access control is the authorization half of identity and access management: once authentication has established who a caller is, access control decides who (or what) may perform a given action on a given resource. Broken access control lets a user act outside their intended permissions, leading to unauthorized disclosure, modification, or destruction of data, or to business functions being run by someone who should not be able to run them.

Common access control weaknesses include metadata manipulation (for example replaying or tampering with a JSON Web Token, a cookie, or a hidden form field to escalate privileges), CORS misconfiguration that lets untrusted origins call an API, and insecure direct object references where a user changes an ID in a URL or parameter to reach someone else's record. All of these come down to the server failing to verify, on every request, that the caller is allowed to do what it is asking. Access controls are grouped into three types: administrative, technical, and physical. The CySA+ exam focuses mainly on technical access controls.

Access control is only effective when it is enforced in trusted server-side code or a serverless API, where the attacker cannot alter the check or the metadata it relies on; anything enforced only in the browser can be bypassed. Beyond that: deny access to every function by default and grant only what each role needs; check permissions on every request, including that the caller owns the specific record it asks for rather than merely holding the right role; and disable client-side caching on restricted pages so sensitive responses are not served from a browser or shared cache later.
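The controls above, as an added example that is not part of the original page: a server-side lookup with no ownership check (an insecure direct object reference) beside a hardened version that denies by default, checks the role against an explicit allow-list, and checks record ownership. The roles, permission names, and the in-memory records are constructed for illustration.

```python
# Added example (not from the page): deny-by-default authorization with record
# ownership checks, beside the vulnerable lookup it replaces. Roles, permission
# names, and the in-memory data store are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    id: int
    role: str  # assumed roles: "user" or "admin"


@dataclass(frozen=True)
class Record:
    id: int
    owner_id: int
    body: str


class Forbidden(Exception):
    """Raised whenever a request is not explicitly allowed."""


# Constructed sample data store: two records owned by two different users.
RECORDS = {
    1: Record(id=1, owner_id=100, body="invoice for user 100"),
    2: Record(id=2, owner_id=200, body="invoice for user 200"),
}

# Allow-list of (role, permission) pairs. Anything not listed is denied,
# which is what "deny access to all functions by default" means in practice.
# Note that even an owner cannot delete: "delete_own" is never granted.
ALLOW = {
    ("user", "read_own"),
    ("user", "update_own"),
    ("admin", "read_own"),
    ("admin", "update_own"),
    ("admin", "read_any"),
    ("admin", "delete_any"),
}


def vulnerable_get_record(record_id: int) -> Record:
    """Broken access control: the ID comes straight from the request and the
    server never asks whether the caller may see this record (an IDOR)."""
    return RECORDS[record_id]


def has_permission(user: User, permission: str) -> bool:
    """Role check against the allow-list. Unknown roles or permissions are denied."""
    return (user.role, permission) in ALLOW


def authorize(user: User, action: str, record: Record) -> None:
    """Server-side check combining the role allow-list with record ownership.
    action is "read", "update" or "delete"; raises Forbidden unless an allow
    rule explicitly matches."""
    if record.owner_id == user.id and has_permission(user, f"{action}_own"):
        return
    if has_permission(user, f"{action}_any"):
        return
    raise Forbidden(f"user {user.id} may not {action} record {record.id}")


def is_allowed(user: User, action: str, record_id: int) -> bool:
    """Boolean form of authorize(). A missing record is treated exactly like a
    forbidden one so callers cannot enumerate which IDs exist."""
    record = RECORDS.get(record_id)
    if record is None:
        return False
    try:
        authorize(user, action, record)
    except Forbidden:
        return False
    return True


def get_record(user: User, record_id: int) -> Record:
    """Hardened lookup: the caller must be authorized for this specific record."""
    if not is_allowed(user, "read", record_id):
        raise Forbidden(f"user {user.id} may not read record {record_id}")
    return RECORDS[record_id]


def restricted_page_headers() -> dict:
    """Response headers for restricted pages so the body is not kept in a
    browser or shared cache after the session ends."""
    return {"Cache-Control": "no-store, max-age=0", "Pragma": "no-cache"}


if __name__ == "__main__":
    alice = User(id=100, role="user")
    admin = User(id=1, role="admin")
    print(vulnerable_get_record(2).body)   # anyone can fetch user 200's record
    print(get_record(alice, 1).body)       # allowed: alice owns record 1
    print(get_record(admin, 2).body)       # allowed: admin holds read_any
    try:
        get_record(alice, 2)
    except Forbidden as exc:
        print("denied:", exc)              # alice cannot read user 200's record
```

The point of `is_allowed` returning False for both a missing and a forbidden record is that a "not found" versus "forbidden" difference is itself an oracle an attacker can use to map which IDs exist; the hardened path gives the same answer for both.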