Posts

Showing posts from November, 2020
What is access control?

Access control is a security technique used to regulate who (or what) can perform attempted actions or access resources in a computing environment. In the context of web application security, it determines whether the user is allowed to carry out the action that they are attempting to perform.

Synonyms: Authorization

Basically, access control enforces a policy where users cannot act outside their intended permissions. It relies on authentication and session management.

Broken Access Control: Access controls are designed to regulate user privileges. Failures typically lead to unauthorized information disclosure, modification or destruction of all data, or the performance of a business function outside of the user's privileges, known as "Broken Access Control" or "Privilege Escalation".

Broken Access Control ranks 5th in the 2020 OWASP Top 10. Broken access control can usually be encountered in any application and these