ProfessionalCommunity Edition

Testing access controls with Burp Suite

Last updated: May 15, 2025
Read time: 1 Minute

Access control (or authorization) is the placing of constraints on who or what can perform a certain action or access a specific resource within an application.

Broken access controls are a commonly encountered and often critical security vulnerability. If access controls are not correctly configured then an attacker may be able to access resources that they do not have authorization to access. This could lead to the attacker potentially obtaining sensitive data or discovering additional attack surface for the application.

Burp Suite enables you to use a range of tools to test for access control vulnerabilities.

Tutorials in this section

Testing for IDORs
Testing for parameter-based access control
Testing for privilege escalation
Testing horizontal access controls
Using match and replace rules