Testing for Privilege Escalation
OWASP Web Security Testing Guide 4.2 > 5. Authorization Testing > 5.3. Testing for Privilege Escalation
ID | Link to Hackinglife | Link to OWASP | Description |
---|---|---|---|
5.3 | WSTG-ATHZ-03 | Testing for Privilege Escalation | - Identify injection points related to role/privilege manipulation, for example changing a parameter such as groupid=2 to groupid=1. - Verify that it is not possible for a user to modify their privileges or roles inside the application. - Fuzz or otherwise attempt to bypass security measures. |
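
The groupid check from the table above, written as a regression test a developer can keep in the suite; this is an added example, not part of the original page or of the OWASP guide. The handlers, store and field names are hypothetical, and it assumes groupid 1 is the more privileged group.

```python
# Added example: USERS, the handlers and the field names are all hypothetical.
import copy

# Constructed server-side user store; assumption: groupid 1 = admin, 2 = regular user.
USERS = {"alice": {"email": "alice@example.test", "groupid": 2}}

EDITABLE_FIELDS = {"email"}              # fields a user may change on their own profile
PRIVILEGE_FIELDS = {"groupid", "role"}   # fields only an admin workflow may change


def update_profile_vulnerable(store, session_user, form):
    """Weak pattern: every submitted parameter is written to the user record."""
    store[session_user].update(form)
    return {"status": 200}


def update_profile_hardened(store, session_user, form):
    """Allow-list editable fields; reject and report any privilege field."""
    tampered = PRIVILEGE_FIELDS & form.keys()
    if tampered:
        # Denied requests are worth logging: they indicate parameter tampering.
        return {"status": 403, "alert": f"{session_user} sent {sorted(tampered)}"}
    unknown = form.keys() - EDITABLE_FIELDS
    if unknown:
        return {"status": 400, "alert": f"unexpected fields {sorted(unknown)}"}
    store[session_user].update(form)
    return {"status": 200}


def privilege_changed(handler):
    """Regression check: submit groupid=1 as a groupid=2 user, compare stored role."""
    store = copy.deepcopy(USERS)
    before = store["alice"]["groupid"]
    response = handler(store, "alice", {"email": "a@example.test", "groupid": 1})
    return store["alice"]["groupid"] != before, response["status"]


if __name__ == "__main__":
    print("vulnerable:", privilege_changed(update_profile_vulnerable))
    print("hardened:  ", privilege_changed(update_profile_hardened))
```

The hardened handler never reads the role from the request; the stored groupid changes only through a separate, admin-authorized path.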