v4 Access control verification requirements
- 4.1 Authorisation of functions and services
- 4.4 Authorisation of direct object references
- 4.5 Disabled directory browsing
- 4.8 Access controls fail securely
- 4.9 Access control rules are enforced server side
- 4.10 User and data attributes and policy information cannot be manipulated without authorisation
- 4.11 Access controls are enforced on the server side
- 4.12 Has centralized mechanism for access to protected resources
- 4.13 Protects against CSRF
- 4.14 Access control decisions and failed decisions are logged
- 4.15 Protects against fraud
- 4.16 Protects against parameter tampering