
Access Control: Access Control Vulnerability

Identifier: access_control_agent

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

Access control vulnerabilities occur when applications fail to enforce proper authorization checks, allowing users to access resources or perform actions beyond their intended privileges.

How we test: We use AI-powered analysis to test for IDOR, privilege escalation, authentication bypass, and broken function-level authorization. We manipulate object references, session tokens, and role parameters to detect access control weaknesses.
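The two failure classes named above, object-level (IDOR) and function-level authorization, shown as a missing check beside its corrected form, plus a regression check a team can run against its own handlers. This is an added example, not code from the scanner; `User`, `INVOICES`, `get_invoice`, `delete_invoice` and `cross_account_reads` are hypothetical names and the data is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    id: int
    role: str  # "user" or "admin", taken from the server-side session

# Constructed sample data: invoice id -> record
INVOICES = {
    101: {"owner_id": 1, "amount": 250},
    102: {"owner_id": 2, "amount": 990},
}

class Forbidden(Exception):
    """Raised when the caller is not authorized for the object or action."""

def get_invoice_vulnerable(user: User, invoice_id: int) -> dict:
    # IDOR: the caller is authenticated, but the object reference
    # is never compared against the caller's identity.
    return INVOICES[invoice_id]

def get_invoice(user: User, invoice_id: int) -> dict:
    invoice = INVOICES.get(invoice_id)
    # Object-level check. "Missing" and "not yours" produce the same
    # error so that valid ids cannot be told apart from invalid ones.
    if invoice is None or (invoice["owner_id"] != user.id and user.role != "admin"):
        raise Forbidden("invoice not accessible")
    return invoice

def delete_invoice(user: User, invoice_id: int) -> None:
    # Function-level check: the role is read from the session object,
    # never from a request parameter the client controls.
    if user.role != "admin":
        raise Forbidden("admin role required")
    INVOICES.pop(invoice_id, None)

def cross_account_reads(handler) -> list:
    """Return (user_id, invoice_id) pairs where a non-owner read succeeded."""
    leaks = []
    for user in (User(1, "user"), User(2, "user")):
        for invoice_id, invoice in INVOICES.items():
            if invoice["owner_id"] == user.id:
                continue  # reading one's own invoice is expected to work
            try:
                handler(user, invoice_id)
                leaks.append((user.id, invoice_id))
            except Forbidden:
                pass
    return leaks
```

Running `cross_account_reads` over every read handler in a test suite turns the ownership rule into a regression check that fails as soon as a handler drops its authorization step.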

Configuration

Example

Example configuration:

---
security_tests:
  access_control_agent:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.