This lab presents a challenge in the Let See cyber range built around a Broken Object-Level Authorization (BOLA) vulnerability that allows an adversary to charge a purchase to someone else’s credit card. Adversaries can exploit failures in the complex authorization mechanisms of API-based applications by manipulating parameters, such as object IDs, sent in requests.
Learning Objectives
On successful completion of this course, learners should have the knowledge and skills required to:
- Understand how adversaries can exploit failures in complex authorization mechanisms of API-based applications by manipulating parameters such as object IDs sent in requests.
- Recognize how intercept proxy tools can be used both for gathering information and for perpetrating attacks.
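The authorization failure described above, shown from the server side as an added example that is not part of the lab or the Let See cyber range: a checkout handler that trusts the card ID in the request, next to one that checks the card's owner against the authenticated session. The function names, record layout and sample users are assumptions made for illustration.

```python
"""Object-level authorization on a checkout handler (constructed data)."""
from dataclasses import dataclass, field


@dataclass
class Card:
    card_id: int
    owner: str                      # user the card belongs to
    charges: list = field(default_factory=list)


class AuthorizationError(Exception):
    """Raised when the caller may not use the referenced object."""


def make_cards():
    # Constructed sample records, keyed by the object ID the client sends.
    return {c.card_id: c for c in (Card(1001, "alice"), Card(1002, "bob"))}


def checkout_vulnerable(cards, session_user, request):
    # BOLA: the card is looked up by the client-supplied ID only.
    # session_user proves who is logged in but is never compared to the owner.
    card = cards[request["card_id"]]
    card.charges.append((session_user, request["amount"]))
    return card.owner


def checkout_hardened(cards, session_user, request, audit_log):
    # Look up the object, then authorize this caller for this object.
    card = cards.get(request["card_id"])
    if card is None or card.owner != session_user:
        # Same error for "missing" and "not yours" so IDs cannot be probed;
        # the audit record gives detection a signal for ID tampering.
        audit_log.append({"event": "card_access_denied",
                          "user": session_user,
                          "card_id": request["card_id"]})
        raise AuthorizationError("card not available")
    card.charges.append((session_user, request["amount"]))
    return card.owner
```

The hardened handler takes the caller's identity from the server-side session, never from the request body, so changing the ID in transit only produces a denial and an audit record.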