testing-for-broken-access-control
CommunityDetect and validate broken access control issues.
AuthorAcczdy
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This skill provides a systematic approach to discover and validate broken access control vulnerabilities in web applications and APIs, reducing the risk of unauthorized data access and privilege escalation.
Core Features & Use Cases
- Endpoint mapping & matrix creation: Enumerate endpoints and document expected role-based access to identify mismatches.
- Privilege escalation simulation: Test vertical and horizontal escalation, method-override bypasses, mass-assignment, and IDOR scenarios across roles.
- Multi-tenant and function-level checks: Verify tenant isolation and function-level authorization for both UI and API surfaces; ideal for OWASP A01:2021 assessments and authorized penetration tests.
Quick Start
Run the included agent with the target base URL and a regular user's Bearer token to generate an access control assessment report.
Dependency Matrix
Required Modules
requestsurllib3
Components
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: testing-for-broken-access-control Download link: https://github.com/Acczdy/MoZiSec/archive/main.zip#testing-for-broken-access-control Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.