V4.2 — Operation Level Access Control
Operation Level Access Control: 2 L3 requirements.

V4.2.1: Verify that sensitive data and APIs are protected against Insecure Direct Object Reference (IDOR) attacks targeting crea...

V4.2.2: Verify that the application or framework enforces a strong anti-CSRF mechanism to protect authenticated functionality, a...

| Property | Value |
|---|---|
| Section | V4.2 |
| Owner | platform |
Mapped Controls
| Control | Title |
|---|---|
| SID-ACCESS-01 | Multi-Tenant Isolation |
Source: OWASP Application Security Verification Standard 4.0.3