Series

Broken Access Control

A deep dive into broken access control for Java and Spring applications. Covers IDOR and horizontal privilege escalation with ownership validation, vertical escalation using role and attribute based access control in Spring Security 6, and a security architect's perspective on threat modeling, compliance, and building authorization into the development process.

Broken Access Control in Java and Spring: Secure Implementation Patterns (Part 1)
Broken Access Control sits at the top of the OWASP Top 10 2025, and that ranking tells an important story. Authentication answers a simple question: who is this person? Authorization answers a harder
Jun 16, 202621 min read9

Command Palette