Access-Control
Access Control — Enforcing Who Can Access What in a System
Access Control is the security discipline that defines and enforces who can access systems, data, and resources. This SECMONS glossary entry explains access control models, common failures, and how broken enforcement leads to major security incidents.
API Security — Protecting Application Programming Interfaces from Abuse and Exploitation
API Security focuses on protecting Application Programming Interfaces (APIs) from unauthorized access, data exposure, and exploitation. This SECMONS glossary entry explains common API vulnerabilities, attack patterns, and defensive controls required to secure modern API-driven architectures.
Authentication vs Authorization — Verifying Identity vs Granting Access
Authentication and Authorization are distinct security concepts: authentication verifies identity, while authorization determines access rights. This SECMONS glossary entry explains the difference, common implementation flaws, and how misconfigurations lead to security incidents.
Insecure Direct Object Reference (IDOR) — Accessing Unauthorized Resources via Predictable Identifiers
Insecure Direct Object Reference (IDOR) is an access control vulnerability where an application exposes internal object references without proper authorization checks. This SECMONS glossary entry explains how IDOR works, real-world impact, and how defenders should prevent and detect it.
Privilege Escalation — Gaining Higher Access Rights Than Intended
Privilege Escalation is an attack technique where a user or process gains higher permissions than originally granted. This SECMONS glossary entry explains vertical and horizontal privilege escalation, common exploitation paths, and defensive mitigation strategies.