/alerttags/cwe-205/ Recent content in CWE-205 on ZAP Hugo en-us /docs/alerts/10102/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10102/ <p>Insufficient Authorization results when an application does not perform adequate authorization checks to ensure that the user is performing a function or accessing data in a manner consistent with the security policy. Authorization procedures should enforce what a user, service or application is permitted to do. When a user is authenticated to a web site, it does not necessarily mean that the user should have full access to all content and functionality.</p> /docs/alerts/90027/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90027/ <p>Repeated GET requests: drop a different cookie each time, followed by normal request with all cookies to stabilize session, compare responses against original baseline GET. This can reveal areas where cookie based authentication/attributes are not actually enforced.</p> /docs/alerts/50007-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/50007-2/ <p>The server is using &ldquo;Example GraphQL Engine&rdquo;, which is a GraphQL implementation for &ldquo;Example Technology 1&rdquo; and &ldquo;Example Technology 2&rdquo;.</p>