Skip to main content
Run any Skill in Manus
with one click

broken-access-control-idor

Stars2
Forks1
UpdatedJuly 9, 2026 at 12:42

SAST detection methodology for broken access control (CWE-284/862) and insecure direct object references / BOLA (CWE-639), including function-level authorization gaps (BFLA), horizontal/vertical privilege escalation, missing ownership checks, "UUID is not access control", and inconsistent auth middleware. Use when reviewing routes/controllers/resolvers that read or mutate a resource identified by a request-supplied id. Writes confirmed findings to findings/19-broken-access-control-idor.md.

Installation

Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.

SKILL.md
readonly