broken-access-control
CommunitySecure your access controls.
Software Engineering#authorization#access control#API security#JWT#IDOR#privilege escalation#cloud IAM
Authorzhanglimao
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill helps you identify and exploit weaknesses in access control mechanisms, ensuring your applications prevent unauthorized data access and privilege escalation.
Core Features & Use Cases
- Comprehensive Testing: Covers OWASP Top 10 risks related to access control, including IDOR, forced browsing, and privilege escalation.
- Methodology Driven: Provides detailed guides for various scenarios like API permission testing, JWT manipulation, and cloud IAM auditing.
- Use Case: A penetration tester can use this Skill to systematically test an application's authorization layer, discovering vulnerabilities like a regular user being able to access administrator functions or view another user's sensitive data.
Quick Start
Use the broken-access-control skill to test for IDOR vulnerabilities in the user profile endpoint.
Dependency Matrix
Required Modules
None requiredComponents
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: broken-access-control Download link: https://github.com/zhanglimao/Abyss/archive/main.zip#broken-access-control Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.