A lot of you probably know what the OWASP Top 10 is, but on this page I would love to describe the Top 10 in a more practical way by showing you the attack types that can belong to each category.
We can easily see an example of this in our labs (over at hackxpert.com/ratsite). There are several broken access control issues we can activate. Let’s talk about some ways to look for this issue, though.
Assumptions
We know that the username is admin and the password is test from previous testing.