Broken-Access-Control

Access Control is the security discipline that defines and enforces who can access systems, data, and resources. This SECMONS glossary entry explains access control models, common failures, and how broken enforcement leads to major security incidents.

Authentication and Authorization are distinct security concepts: authentication verifies identity, while authorization determines access rights. This SECMONS glossary entry explains the difference, common implementation flaws, and how misconfigurations lead to security incidents.