5 Assessing Authorization Checks

This chapter covers the basics of authorization, including an explanation of how an application uses roles to determine user functions. Web penetration testing involves key assessments to determine how well the application validates functions assigned to a given role or individual user, and we will learn how to use Burp Suite to perform these tests.

In this chapter, we will cover the following recipes:

Testing for directory traversal
Testing for Local File Inclusion (LFI)
Testing for Remote File Inclusion (RFI)
Testing for privilege escalation
Testing for Insecure Direct Object Reference (IDOR)

Technical requirements

To complete the recipes in this chapter, you will need the following:

OWASP Broken Web Applications ...

Get Burp Suite Cookbook - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Burp Suite Cookbook - Second Edition by Dr. Sunny Wear

5

Assessing Authorization Checks

Technical requirements

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly