Authorization Attack
Authorization attacks attempt to gain access to resources without the appropriate authorization to do so.
- As with authentication mechanisms, placing authorization mechanisms on the client side is bad
Remediation
- Authenticate against a remote server or on the hardware of the device
- Authorize with the principle of least privilege
- Always check privileges each time an action requires privileges
- Put measures in place that stop users from proceeding if they do get access to restricted portions of the application
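
The remediation points above, shown as an added example that is not part of the original notes: a handler that trusts a role sent by the client, beside one that resolves the caller on the server, grants only the permissions the role needs, and re-checks on every call. The role table, session tokens and function names are hypothetical, constructed for illustration.

```python
# Constructed server-side state; all names here are hypothetical.
ROLE_PERMISSIONS = {
    "viewer": {"report:read"},
    "admin": {"report:read", "user:delete"},
}
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}  # session token -> user
USER_ROLES = {"alice": "admin", "bob": "viewer"}     # roles held by the server

class Forbidden(Exception):
    """Raised when the caller lacks the required permission."""

def handle_trusting_client(request):
    """Weak: the decision rests on a field the client controls."""
    if request.get("role") == "admin":
        return "deleted " + request["target"]
    raise Forbidden("admin only")

def authorize(token, permission):
    """Look up the caller server-side and deny by default."""
    user = SESSIONS.get(token)
    role = USER_ROLES.get(user)
    if permission not in ROLE_PERMISSIONS.get(role, set()):
        raise Forbidden(f"{user or 'unknown'} lacks {permission}")
    return user

def handle_delete_user(request):
    """Hardened: ignores any client-sent role; checks on every call."""
    authorize(request.get("token"), "user:delete")
    return "deleted " + request["target"]

def attempt(handler, request):
    try:
        return handler(request)
    except Forbidden:
        return "denied"

def demo():
    forged = {"token": "tok-bob", "role": "admin", "target": "carol"}
    weak = attempt(handle_trusting_client, forged)   # client claim accepted
    strong = attempt(handle_delete_user, forged)     # client claim ignored
    admin_req = {"token": "tok-alice", "target": "carol"}
    before = attempt(handle_delete_user, admin_req)
    USER_ROLES["alice"] = "viewer"                   # privilege revoked
    after = attempt(handle_delete_user, admin_req)   # next call re-checks
    USER_ROLES["alice"] = "admin"                    # restore sample state
    return weak, strong, before, after

if __name__ == "__main__":
    print(demo())
```

Because the check runs inside each privileged handler rather than once at login, a revoked role stops working on the very next request.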