BiteSizedChunks.comLearn one small thing at a time.

Course contentsShow

Security

795Access Control Fundamentals
796Discretionary Access Control (DAC)
797Mandatory Access Control (MAC)
798Role-Based Access Control (RBAC)
799Attribute-Based Access Control (ABAC)
800Relationship-Based Access Control (ReBAC)
801Hierarchical and Delegated Models
802Choosing and Implementing Access Models
803Broken Access Control Overview
804Horizontal vs Vertical Privilege Escalation
805Missing Function-Level Access Control
806Path Traversal and Directory Access
807Direct Reference Manipulation
808Multi-Step Process Authorization Failures
809Parameter Tampering for Authorization Bypass
810Mass Assignment Authorization Issues
811Referer and Origin-Based Authorization Flaws
812Context-Dependent Authorization Failures
813IDOR Fundamentals and Common Patterns
814Sequential and Predictable Identifiers
815GUID and UUID Vulnerabilities
816Parameter Tampering in IDOR Attacks
817IDOR in REST APIs and GraphQL
818Multi-Step IDOR Exploitation
819Testing for IDOR Vulnerabilities
820Blind IDOR and Indirect Object References
821Preventing IDOR with Access Control Checks
822Understanding Privilege Escalation Concepts
823Identifying Privilege Escalation Vulnerabilities
824Vertical Privilege Escalation Techniques
825Horizontal Privilege Escalation Patterns
826Parameter Tampering for Privilege Escalation
827Session and Cookie Manipulation
828Multi-Step Privilege Escalation Chains
829Testing for Privilege Escalation
830Preventing Privilege Escalation
831Authorization Testing Methodology
832Manual Testing Techniques for Access Control
833Automated Access Control Testing
834Testing Multi-User Scenarios
835Testing State-Based and Workflow Authorization
836API Authorization Testing
837Documenting and Reporting Authorization Flaws
838Access Control Defense Strategy
839Deny by Default Principles
840Server-Side Authorization Enforcement
841Centralized Authorization Logic
842Resource-Level Permission Checks
843Indirect Object References
844Authorization Logging and Monitoring
845Access Control Testing Automation

Security

795Access Control Fundamentals
796Discretionary Access Control (DAC)
797Mandatory Access Control (MAC)
798Role-Based Access Control (RBAC)
799Attribute-Based Access Control (ABAC)
800Relationship-Based Access Control (ReBAC)
801Hierarchical and Delegated Models
802Choosing and Implementing Access Models
803Broken Access Control Overview
804Horizontal vs Vertical Privilege Escalation
805Missing Function-Level Access Control
806Path Traversal and Directory Access
807Direct Reference Manipulation
808Multi-Step Process Authorization Failures
809Parameter Tampering for Authorization Bypass
810Mass Assignment Authorization Issues
811Referer and Origin-Based Authorization Flaws
812Context-Dependent Authorization Failures
813IDOR Fundamentals and Common Patterns
814Sequential and Predictable Identifiers
815GUID and UUID Vulnerabilities
816Parameter Tampering in IDOR Attacks
817IDOR in REST APIs and GraphQL
818Multi-Step IDOR Exploitation
819Testing for IDOR Vulnerabilities
820Blind IDOR and Indirect Object References
821Preventing IDOR with Access Control Checks
822Understanding Privilege Escalation Concepts
823Identifying Privilege Escalation Vulnerabilities
824Vertical Privilege Escalation Techniques
825Horizontal Privilege Escalation Patterns
826Parameter Tampering for Privilege Escalation
827Session and Cookie Manipulation
828Multi-Step Privilege Escalation Chains
829Testing for Privilege Escalation
830Preventing Privilege Escalation
831Authorization Testing Methodology
832Manual Testing Techniques for Access Control
833Automated Access Control Testing
834Testing Multi-User Scenarios
835Testing State-Based and Workflow Authorization
836API Authorization Testing
837Documenting and Reporting Authorization Flaws
838Access Control Defense Strategy
839Deny by Default Principles
840Server-Side Authorization Enforcement
841Centralized Authorization Logic
842Resource-Level Permission Checks
843Indirect Object References
844Authorization Logging and Monitoring
845Access Control Testing Automation

← Security

Lesson 811 of 3,052·17. Web Security - Authorization and Access ControlPro lesson

Referer and Origin-Based Authorization Flaws

Understanding why relying on HTTP headers like Referer or Origin for authorization decisions is insecure.

This lesson is for subscribers

You've completed the free preview. Subscribe to unlock every lesson in every course.

See pricing Back to course