OWASP Top 10 API Security Risks – 2023: API1:2023 – Broken Object Level Authorisation
Broken Object Level Authorisation (BOLA) arises when APIs expose endpoints handling object identifiers without adequate access control measures. This vulnerability allows attackers to manipulate object IDs to gain unauthorised access to data.
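The following is an added example, not code from OWASP or from the original page: a handler that trusts the object ID from the request, the same handler with an object-level ownership check, and a regression check that calls a handler as every user against every object. The `Invoice` model, the sample data and all function names are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: two users, each owning one invoice.
@dataclass(frozen=True)
class Invoice:
    id: int
    owner: str
    amount: float

INVOICES = {
    1001: Invoice(1001, "alice", 120.0),
    1002: Invoice(1002, "bob", 75.5),
}

class NotFound(Exception):
    """Maps to HTTP 404 in a real handler."""

def get_invoice_vulnerable(caller: str, invoice_id: int) -> Invoice:
    # BOLA: the caller is authenticated, but the object ID from the request
    # is trusted as-is; ownership is never compared with the caller.
    try:
        return INVOICES[invoice_id]
    except KeyError:
        raise NotFound(invoice_id)

def get_invoice(caller: str, invoice_id: int) -> Invoice:
    # Object-level check: resolve the object, then verify it belongs to caller.
    invoice = INVOICES.get(invoice_id)
    # Same error for "missing" and "not yours" so responses do not reveal
    # which IDs exist.
    if invoice is None or invoice.owner != caller:
        raise NotFound(invoice_id)
    return invoice

def cross_user_leaks(handler) -> list:
    """Regression check: call handler as every user against every object and
    return the (caller, invoice_id) pairs where a non-owner got data back."""
    users = {inv.owner for inv in INVOICES.values()}
    leaks = []
    for caller in sorted(users):
        for invoice_id, inv in sorted(INVOICES.items()):
            if inv.owner == caller:
                continue
            try:
                handler(caller, invoice_id)
                leaks.append((caller, invoice_id))
            except NotFound:
                pass
    return leaks
```

Running `cross_user_leaks` over each handler in a test suite flags any endpoint where a non-owner receives data; the hardened handler returns an empty list.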