Authorization
This checklist is a guide for securing authorization on a website. It outlines a series of steps and best practices that should be taken to ensure that only authorized users can access sensitive information and perform certain actions on a website.
🪪 Authorization ID
#️⃣ | ✅Items | ⚠️Severity | ☠️Vulnerabilities | 🔗Sources |
---|---|---|---|---|
1 | Verify: Ensure the role ID is not revealed in the URL, cookies, session, local storage, or response headers. Reason: An attacker can steal the ID and gain unauthorized access | High | Credential Theft | ACS, ASVS |
2 | Verify: If the role ID is accessible to the user, ensure that it is validated before it is processed. Reason: Prevents malicious input by an attacker | High | Injection | ACS, ASVS |
3 | Verify: Rate limiting mechanisms exist on the role ID. Reason: Protection against guessing and Denial of Service (DoS) attacks | Medium | Denial of Service, Brute Force | ⛔ |
4 | Verify: If the role ID is accessible to the user, it is created using a secure random function. Reason: The role ID is not guessable | Medium | Brute Force | ACS, ASVS |
5 | Verify: Authorization ID exchange takes place over TLS (HTTPS). Reason: An encrypted channel prevents eavesdropping | High | Eavesdropping | ⛔ |
6 | Verify: Data related to authorization is stored server side using secure encryption and hashing algorithms. Reason: Provides additional security in case of a database compromise | High | Credential Theft | ⛔ |
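Items 2, 3, 4 and 6 above describe how an authorization identifier should be generated, validated, rate limited and stored. The following Python is an added example, not code from the checklist or from OWASP, that implements those four items together in an in-memory store; the function names (`issue_id`, `resolve_role`, `FixedWindowLimiter`) and the store layout are assumptions chosen for the example.

```python
import hashlib
import re
import secrets
import time
from typing import Callable, Dict, Optional, Tuple

# Constructed in-memory store: sha256(authz_id) -> role name.
# Only the digest is persisted, so a database dump does not yield usable
# identifiers (item 6). Plain SHA-256 is adequate here because the ID itself
# is 256 bits of CSPRNG output, not a low-entropy user-chosen secret.
_ROLE_BY_ID_HASH: Dict[str, str] = {}

# secrets.token_urlsafe(32) always yields 43 URL-safe base64 chars (no padding).
_ID_PATTERN = re.compile(r"^[A-Za-z0-9_-]{43}$")


def generate_authz_id() -> str:
    """Item 4: take the identifier from the CSPRNG, never from a counter or clock."""
    return secrets.token_urlsafe(32)


def _hash_id(authz_id: str) -> str:
    return hashlib.sha256(authz_id.encode("ascii")).hexdigest()


def issue_id(role: str) -> str:
    """Create an opaque ID, persist only its hash, return the plaintext once."""
    authz_id = generate_authz_id()
    _ROLE_BY_ID_HASH[_hash_id(authz_id)] = role
    return authz_id


def validate_authz_id(candidate: object) -> bool:
    """Item 2: syntactic validation before the value reaches any lookup or query."""
    return isinstance(candidate, str) and _ID_PATTERN.fullmatch(candidate) is not None


class FixedWindowLimiter:
    """Item 3: cap lookups per client key to blunt guessing and DoS attempts."""

    def __init__(self, max_attempts: int, window_seconds: float,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.max_attempts = max_attempts
        self.window = window_seconds
        self.clock = clock  # injectable so the window can be tested deterministically
        self._buckets: Dict[str, Tuple[float, int]] = {}

    def allow(self, key: str) -> bool:
        now = self.clock()
        start, count = self._buckets.get(key, (now, 0))
        if now - start >= self.window:       # window expired: start a fresh one
            start, count = now, 0
        if count >= self.max_attempts:
            self._buckets[key] = (start, count)
            return False
        self._buckets[key] = (start, count + 1)
        return True


def resolve_role(candidate: object, client_key: str,
                 limiter: FixedWindowLimiter) -> Optional[str]:
    """Resolve a client-presented ID to a role, or None on any failure.

    Order matters: the rate limiter runs first so a flood of bad IDs is
    charged to the client, then the shape is validated, then the digest is
    looked up. The caller gets a single "no role" outcome for every failure.
    """
    if not limiter.allow(client_key):
        return None
    if not validate_authz_id(candidate):
        return None
    return _ROLE_BY_ID_HASH.get(_hash_id(candidate))
```

A real service would keep the limiter state and the hash table in shared storage rather than module globals, but the control flow (limit, validate, hash, look up) is the part the checklist items are about.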
📋 Authorization Policies
#️⃣ | ✅Items | ⚠️Severity | ☠️Vulnerabilities | 🔗Sources |
---|---|---|---|---|
1 | Verify: If a library is used for authorization, ensure it is not misconfigured. Reason: Default configurations or misconfigurations can grant unauthorized access to an attacker | High | Misconfiguration | ACS |
2 | Verify: Libraries used for authorization are not vulnerable. Reason: An attacker can use the vulnerable library to escalate their privileges | High | Vulnerable Dependency | ACS |
3 | Verify: Sensitive routes cannot be accessed without proper authorization. Reason: Prevent directory traversal | High | Path Traversal | ACS, ASVS |
4 | Verify: If location-based authorization is enabled, ensure that a VPN, a proxy, or changing the browser geolocation cannot circumvent it. Reason: Prevent location spoofing | Medium | Location Spoofing | ACS |
5 | Verify: Unauthorized access isn't granted through Insecure Direct Object Reference (IDOR). Reason: Prevent unauthorized access by IDOR | Medium | Insecure Direct Object Reference | ACS, ASVS |
6 | Verify: Authorization checks are enforced for each page on the frontend. Reason: Prevents disclosure of static information embedded in frontend pages | Low | Path Traversal | ACS |
7 | Verify: Ensure that authorization is validated on both the client and the server side. Reason: Prevent injection and Man-in-the-Middle (MitM) attacks | Medium | Man in the Middle, Injection | ACS |
8 | Verify: Least privilege is enforced. Reason: Minimize the attack surface in case someone gains unauthorized access to an account | High | Privilege Escalation | ACS, ASVS |
9 | Verify: Deny by default when no authorization roles match. Reason: Attempts by unauthorized users to gain access are assumed to be harmful and are denied | High | Privilege Escalation | ACS |
10 | Verify: Validate permissions on each request. Reason: Ensure all requests are coming from the right authority | Medium | Impersonation | ACS |
11 | Verify: Ensure appropriate logging for failed authorization attempts. Reason: Used for investigation in case of a breach or an attempted breach | High | Insufficient Logging | ACS |
12 | Verify: Proper error handling of insufficient privileges takes place. Reason: Terminate the request for unauthorized paths | High | Privilege Escalation | ACS |
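Items 5, 8, 9, 10, 11 and 12 of this table are properties of a single enforcement point: an explicit role-to-permission table, deny by default, an object-level ownership check against IDOR, a check on every request, a log line for every denial, and a request that terminates with a generic error. The Python below is an added example (not the checklist's or OWASP's code) that puts those properties in one `authorize` function and a simulated request handler; the role names, permission strings and the `Document`/`Principal` types are constructed for the example.

```python
import logging
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List

# Constructed role -> permission table (items 8 and 9). A role holds exactly
# the permissions listed here; anything not listed is denied.
ROLE_PERMISSIONS: Dict[str, FrozenSet[str]] = {
    "viewer": frozenset({"document:read"}),
    "editor": frozenset({"document:read", "document:write"}),
    # "document:any" lets a role act on documents it does not own.
    "admin": frozenset({"document:read", "document:write",
                        "document:delete", "document:any"}),
}


@dataclass(frozen=True)
class Principal:
    user_id: str
    roles: FrozenSet[str]


@dataclass(frozen=True)
class Document:
    doc_id: str
    owner_id: str


class AuthorizationError(Exception):
    """Item 12: raised to terminate the request; the handler maps it to 403."""


@dataclass
class AuditLog:
    """Item 11: every denial is recorded with who, what, which object and why."""
    entries: List[str] = field(default_factory=list)

    def denied(self, principal: Principal, action: str, resource: str, why: str) -> None:
        line = (f"authz DENY user={principal.user_id} action={action} "
                f"resource={resource} reason={why}")
        self.entries.append(line)
        logging.getLogger("authz").warning(line)


def has_permission(principal: Principal, permission: str) -> bool:
    """Item 9: deny by default. Roles missing from the table grant nothing."""
    return any(permission in ROLE_PERMISSIONS.get(role, frozenset())
               for role in principal.roles)


def authorize(principal: Principal, action: str, doc: Document, audit: AuditLog) -> None:
    """Item 10: called on every request; nothing is cached from earlier requests.

    First the role-level permission, then the object-level ownership check
    (item 5): having document:write does not mean writing *this* document.
    """
    if not has_permission(principal, action):
        audit.denied(principal, action, doc.doc_id, "missing-permission")
        raise AuthorizationError("forbidden")
    if doc.owner_id != principal.user_id and not has_permission(principal, "document:any"):
        audit.denied(principal, action, doc.doc_id, "not-owner")
        raise AuthorizationError("forbidden")


def handle_request(principal: Principal, action: str, doc_id: str,
                   store: Dict[str, Document], audit: AuditLog) -> Dict[str, object]:
    """Simulated handler returning an HTTP-style response dict."""
    doc = store.get(doc_id)
    if doc is None:
        return {"status": 404}
    try:
        authorize(principal, action, doc, audit)
    except AuthorizationError:
        # Item 12: the request ends here with a generic body; the detailed
        # reason lives only in the audit log, not in the response.
        return {"status": 403, "body": "forbidden"}
    return {"status": 200, "body": f"{action} on {doc.doc_id}"}
```

The two-stage check in `authorize` is the part that most often goes missing in practice: frameworks make the role check easy, while the ownership comparison against the object actually loaded has to be written per resource, and skipping it is exactly the IDOR case item 5 warns about.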
🔴 Authorization in Production
#️⃣ | ✅Items | ⚠️Severity | ☠️Vulnerabilities | 🔗Sources |
---|---|---|---|---|
1 | Verify: Authorization roles are regularly reviewed and updated. Reason: Ensure each person only has the access they need | High | Privilege Escalation | ⛔ |
2 | Verify: Audit logs are monitored regularly for anomalies. Reason: Identify attacks that were attempted against a user | High | Path Traversal | ⛔ |
3 | Verify: Third-party software or libraries used for authorization are updated to the most recent version and are regularly patched. Reason: A vulnerability in a third-party resource can grant an attacker unauthorized access | High | Privilege Escalation, Path Traversal | ⛔ |
4 | Verify: Conduct regular security assessments, vulnerability scans, and penetration testing to identify vulnerabilities in custom and third-party code. Reason: Identify any security vulnerabilities that might have appeared in the authorization implementation | High | Most Vulnerabilities | ⛔ |
🔗 Sources:
Open Web Application Security Project (OWASP):