This page may be out of date

We haven't updated it for a while because we're busy working on new, improved content to help you get the most out of Burp Suite. In the meantime, please note that the information on this page may no longer be accurate.

Visit our Support Center

Using Burp to Test Access Controls

Access controls are a critical defense mechanism within the application due to their primary function: they decide whether an application should permit a given request to perform its attempted action or access the resources it is requesting. When they are defective, an attacker can often compromise the entire application, taking control of administrative functionality and accessing sensitive data belonging to every other user.

Use the links below to access various articles on testing for access control vulnerabilities: