Add 4.2.4 - addressing access control by originating subject
EnigmaRosa authored and elarlang committed Oct 14, 2024
1 parent b53a1c9 commit 71e2b20
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions 5.0/en/0x12-V4-Access-Control.md
@@ -27,6 +27,7 @@ Access control deficiencies are unlikely to be discovered using generic automate
| **4.2.1** | Verify that sensitive data and APIs are protected against Insecure Direct Object Reference (IDOR) attacks targeting creation, reading, updating and deletion of records, such as creating or updating someone else's record, viewing everyone's records, or deleting all records. |||| 639 |
| **4.2.2** | [MOVED TO 50.3.1] | | | | |
| **4.2.3** | [ADDED] Verify that multi-tenant applications use cross-tenant controls to ensure user operations will never affect tenants with which they do not have permissions to interact. |||| 283 |
| **4.2.4** | [ADDED] Verify that access to an object is based on the originating subject's (e.g. user's) permissions, not on the permissions of any intermediary or service acting on their behalf. | | || 441 |

## V4.3 Other Access Control Considerations

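Review bot: the new 4.2.4 row should make explicit that the originating subject's permissions govern even when the intermediary itself holds broader rights, because that is the situation the requirement exists to prevent (a service with wide access being driven by a request from a less-privileged subject). As written, "not on the permissions of any intermediary or service acting on their behalf" reads as if the intermediary's permissions are merely irrelevant rather than the thing that gets abused. Suggested wording: `Verify that access to an object is based on the originating subject's (e.g. user's) permissions, not on the permissions of any intermediary or service acting on their behalf, even where that intermediary holds broader permissions than the subject.` Minor style point in the same row: the empty level cells are written `| | ||` while the neighbouring 4.2.1 and 4.2.3 rows use `||||`; both render the same, but matching the adjacent rows keeps the table source consistent.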