Tag: authorisation
OAuth 2.0
An authorisation framework that lets users grant third-party applications limited access to their resources without sharing passwords — using short-lived access tokens issued via defined flows for different client types.
CWE-287 OWASP A7:2021
3mo ago Security intermediate
Authorisation PHP 7.0+
The process of determining what an authenticated user is permitted to do — checking permissions, roles, or policies before allowing access to a resource or action.
3mo ago Security intermediate
Role-Based Access Control (RBAC)
An authorisation model where permissions are assigned to roles, and roles are assigned to users — checking 'can this role perform this action?' rather than 'can this specific user?'
3mo ago Security intermediate
Broken Access Control PHP 5.0+
Failure to enforce what authenticated users are allowed to do — ranked #1 in the OWASP Top 10, enabling privilege escalation and data exposure.
CWE-284 OWASP A1:2021
3mo ago Security intermediate 8.8
Forced Browsing PHP 5.0+
Accessing resources at predictable URLs that are not linked from the application's UI but lack proper authorisation checks.
CWE-425 OWASP A1:2021
3mo ago Security beginner 7.5
Mass Assignment PHP 5.0+
Blindly binding all user-submitted fields to a model allows attackers to set fields they should not control.
CWE-915 OWASP A1:2021
3mo ago Security intermediate 8.1
OAuth 2.0 Vulnerabilities
Misimplemented OAuth flows expose applications to CSRF, token theft, open redirects, and account takeover.
CWE-287 OWASP A2:2021
3mo ago Security advanced 8.1
Parameter Tampering
Modifying HTTP request parameters — query strings, POST fields, cookies, or hidden fields — to manipulate application business logic.
CWE-472 OWASP A1:2021
3mo ago Security beginner 8.1
Privilege Escalation PHP 5.0+
A flaw that lets a lower-privileged user gain higher access — e.g. reading an admin role from a URL parameter.
CWE-269 OWASP A1:2021
3mo ago Security intermediate 8.8
Insecure Direct Object Reference (IDOR) PHP 5.0+
A user accesses another user's data by changing an ID in a URL or request — no authorisation check performed.
CWE-639 OWASP A1:2021
3mo ago Security intermediate 7.5