Tag: authorisation
OAuth 2.0
An authorisation framework that lets users grant third-party applications limited access to their resources without sharing passwords — using short-lived access tokens issued via defined flows for different client types.
CWE-287 OWASP A7:2021
4w ago
security intermediate
Authorisation PHP 7.0+
The process of determining what an authenticated user is permitted to do — checking permissions, roles, or policies before allowing access to a resource or action.
2mo ago
security intermediate
Role-Based Access Control (RBAC)
An authorisation model where permissions are assigned to roles, and roles are assigned to users — checking 'can this role perform this action?' rather than 'can this specific user?'
2mo ago
security intermediate
Failure to enforce what authenticated users are allowed to do — the #1 OWASP vulnerability, enabling privilege escalation and data exposure.
CWE-284 OWASP A1:2021
2mo ago
security intermediate
8.8
Forced Browsing PHP 5.0+
Accessing resources at predictable URLs that are not linked from the application's UI but lack proper authorisation checks.
CWE-425 OWASP A1:2021
2mo ago
security beginner
7.5
Mass Assignment PHP 5.0+
Blindly binding all user-submitted fields to a model allows attackers to set fields they should not control.
CWE-915 OWASP A1:2021
2mo ago
security intermediate
8.1
Misimplemented OAuth flows expose applications to CSRF, token theft, open redirects, and account takeover.
CWE-287 OWASP A2:2021
2mo ago
security advanced
8.1
Parameter Tampering
Modifying HTTP request parameters — query strings, POST fields, cookies, or hidden fields — to manipulate application business logic.
CWE-472 OWASP A1:2021
2mo ago
security beginner
8.1
Privilege Escalation PHP 5.0+
A flaw that lets a lower-privileged user gain higher access — e.g. reading an admin role from a URL parameter.
CWE-269 OWASP A1:2021
2mo ago
security intermediate
8.8
A user accesses another user's data by changing an ID in a URL or request — no authorisation check performed.
CWE-639 OWASP A1:2021
2mo ago
security intermediate
7.5