Slide 14
Broken Access Control
Imagine a serverless application that exposes a set of public APIs, all of which enforce
proper authentication. At the other end of the system, the application reads files from a cloud
storage service, and the file contents are consumed as input by certain lambda functions. If
proper authentication is not applied to the cloud storage service, the system is exposing an
unauthenticated rogue entry point that was never taken into consideration during system
design.
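As an added example (not from the slides), a small Python check that flags the misconfiguration described above: a storage bucket policy that lets anonymous principals write objects, shown beside the corrected policy that grants write access only to the authenticated API's execution role. Bucket names and ARNs are constructed placeholders.

```python
from typing import List

# Constructed sample bucket policies (not from the original slides).
# WEAK: "Principal": "*" with s3:PutObject lets anyone on the internet drop
# a file that the downstream function will consume as trusted input.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicUpload",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:PutObject"],
        "Resource": "arn:aws:s3:::example-ingest-bucket/*",
    }],
}

# FIXED: only the authenticated API's execution role (hypothetical ARN) may write.
FIXED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ApiRoleUpload",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/example-api-role"},
        "Action": ["s3:PutObject"],
        "Resource": "arn:aws:s3:::example-ingest-bucket/*",
    }],
}

# Actions that create or replace objects; wildcards cover them as well.
WRITE_ACTIONS = {"s3:putobject", "s3:put*", "s3:*", "*"}

def _is_anonymous(principal) -> bool:
    """True if the Principal element grants to everyone ("*" or AWS: "*")."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False

def find_anonymous_writes(policy: dict) -> List[str]:
    """Sids of Allow statements letting anonymous principals write objects,
    i.e. the rogue entry point on the slide. Condition blocks are ignored
    (assumption: a conditioned public grant still deserves review)."""
    findings = []
    for stmt in policy.get("Statement", []):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if (stmt.get("Effect") == "Allow" and _is_anonymous(stmt.get("Principal"))
                and any(a.lower() in WRITE_ACTIONS for a in actions)):
            findings.append(stmt.get("Sid", "<no Sid>"))
    return findings
```

Run the check over every bucket a function is triggered from; any finding is a write path that bypasses the API's authentication.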