Access Control Index¶ Authenticated route bypass Broken Object Level Authorization Forced Browsing Private data Private fields Public state-altering operation Sensitive endpoint bruteforce Tenant isolation