API Security

Generate JWT for Testing

JSON Web Tokens have become increasingly popular in recent years because of their powerful capabilities to exchange information between servers and services in a verifiable way. (Note: I did not say secure or encrypted :) ) Often JSON Web Tokens or JWTs (pronounced “jot”) are issued by …

API Security: Broken …

In this article we’ll dive into the Broken Object Level Authorization (BOLA) API vulnerability: what it is, how it’s created in code, and how to prevent it. What is Broken Object Level Authorization? Based on the OWASP 2019 API Security Project, Broken Object Level Authorization …