access_control 13
- Lab 13: Referer-based access control
- Lab 12: Multi-step process with no access control on one step
- Lab 11: Insecure direct object references
- Lab 10: User ID controlled by request parameter with password disclosure
- Lab 09: User ID controlled by request parameter with data leakage in redirect
- Lab 08: User ID controlled by request parameter, with unpredictable user IDs
- Lab 07: User ID controlled by request parameter
- Lab 06: Method-based access control can be circumvented
- Lab 05: URL-based access control can be circumvented
- Lab 04: User role can be modified in user profile
- Lab 03: User role controlled by request parameter
- Lab 02: Unprotected admin functionality with unpredictable URL
- Lab 01: Unprotected admin functionality