bola-detector
Official
Prevent unauthorized data access.
Author: apisec-inc
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill prevents unauthorized access to sensitive data by ensuring that API endpoints correctly verify user ownership of requested resources, mitigating Broken Object Level Authorization (BOLA) vulnerabilities.
Core Features & Use Cases
- BOLA Detection: Identifies insecure direct object references in API endpoints.
- Ownership Verification: Enforces that authenticated users can only access resources they own.
- Use Case: When reviewing an API endpoint that fetches user-specific order details, this Skill ensures the code checks that the logged-in user is indeed the owner of the requested order ID before returning the data.
Quick Start
Use the bola-detector skill to review the attached file 'OrderService.java' for object-level authorization flaws.
Dependency Matrix
Required Modules
None required
Components
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: bola-detector
Download link: https://github.com/apisec-inc/apisec-skills/archive/main.zip#bola-detector
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.