Thursday
Room 3
16:20 - 17:20
(UTC+01)
Talk (60 min)
BOLA, BOPLA, and BFLA: Let’s get rid of broken authorization!
Broken authorization is one of the most common vulnerabilities found in IT systems.
This talk will dive into three vulnerabilities:
- BOLA (Broken Object Level Authorization)
- BOPLA (Broken Object Property Level Authorization)
- BFLA (Broken Function Level Authorization)
Why are these three vulnerabilities all in the top five from OWASP Top 10 API? Why are these some of the most common security mistakes a developer makes? How do we systematically protect against them and drastically reduce our attack surface? These are all questions that will be answered in this talk.
Through code examples of both good and bad code we will increase our understanding of how to implement authorization effectively. Fixing these vulnerabilities can actually be quite easy with good design patterns that factor in security at all levels of the application.
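As an added illustration of the three classes listed above (example code written for this page, not material from the talk or its speaker), the block below puts a vulnerable handler beside a hardened one for each: an object-level read (BOLA), a property update with mass assignment (BOPLA), and an admin-only delete that only checks for a login (BFLA). The hardened versions all go through one `authorize` policy function and one per-role allow-list of writable properties, which is the "security at all levels" design pattern the abstract refers to. The `User`/`Invoice` records, the in-memory `USERS`/`INVOICES` stores and all ids and amounts are constructed for the example.

```python
"""Added example (not from the talk): in-memory API handlers, each shown as a
vulnerable version beside a hardened one, with a single policy entry point so
that every handler makes the same authorization decision."""
from dataclasses import dataclass, replace
from typing import Optional


class Forbidden(Exception):
    """Raised whenever the policy denies an action."""


@dataclass(frozen=True)
class User:
    id: int
    role: str            # "user" or "admin"


@dataclass(frozen=True)
class Invoice:
    id: int
    owner_id: int
    amount: float
    paid: bool = False


# Constructed sample data standing in for a database.
USERS = {1: User(1, "user"), 2: User(2, "user"), 9: User(9, "admin")}
INVOICES = {10: Invoice(10, owner_id=1, amount=100.0),
            11: Invoice(11, owner_id=2, amount=250.0)}

# Properties each role may write; anything else in a payload is rejected (BOPLA defence).
WRITABLE = {"user": {"amount"}, "admin": {"amount", "paid", "owner_id"}}


def authorize(caller: User, action: str, invoice: Optional[Invoice] = None) -> None:
    """Single policy entry point covering both object level and function level.

    - admin may perform any action
    - a user may read/update invoices they own
    - everything else, including a missing object, is Forbidden (one error for
      "not found" and "not yours" keeps ids from becoming an enumeration oracle)
    """
    if caller.role == "admin":
        return
    if action in ("read", "update") and invoice is not None and invoice.owner_id == caller.id:
        return
    raise Forbidden(f"user {caller.id} may not {action}")


def _load(caller: User, action: str, invoice_id: int) -> Invoice:
    """Fetch an invoice only after the policy has approved the action on it."""
    inv = INVOICES.get(invoice_id)
    authorize(caller, action, inv)     # non-admins get Forbidden for missing or foreign ids
    if inv is None:
        raise KeyError(invoice_id)     # only an admin can learn that an id does not exist
    return inv


# --- BOLA: object level ---------------------------------------------------
def get_invoice_vulnerable(caller: User, invoice_id: int) -> Invoice:
    # Caller is authenticated, but the client-chosen id is never tied to the caller.
    return INVOICES[invoice_id]


def get_invoice_hardened(caller: User, invoice_id: int) -> Invoice:
    return _load(caller, "read", invoice_id)


# --- BOPLA: object property level -----------------------------------------
def update_invoice_vulnerable(caller: User, invoice_id: int, payload: dict) -> Invoice:
    inv = _load(caller, "update", invoice_id)   # object-level check is fine...
    updated = replace(inv, **payload)           # ...but every field, "paid" included, is mass-assigned
    INVOICES[invoice_id] = updated
    return updated


def update_invoice_hardened(caller: User, invoice_id: int, payload: dict) -> Invoice:
    inv = _load(caller, "update", invoice_id)
    not_allowed = set(payload) - WRITABLE[caller.role]
    if not_allowed:
        raise Forbidden(f"user {caller.id} may not set {sorted(not_allowed)}")
    updated = replace(inv, **payload)
    INVOICES[invoice_id] = updated
    return updated


# --- BFLA: function level -------------------------------------------------
def delete_invoice_vulnerable(caller: User, invoice_id: int) -> bool:
    # Meant to be admin-only; the only check is that somebody is logged in.
    return INVOICES.pop(invoice_id, None) is not None


def delete_invoice_hardened(caller: User, invoice_id: int) -> bool:
    authorize(caller, "delete")                 # no owner rule for "delete", so only admin passes
    return INVOICES.pop(invoice_id, None) is not None


def denied(handler, *args) -> bool:
    """True if the policy rejected the call; used to compare the two versions."""
    try:
        handler(*args)
        return False
    except Forbidden:
        return True
```

The point of routing every handler through `authorize` and `WRITABLE` is that the rules live in one place: a new endpoint cannot forget the owner check or the property allow-list, because the only way to load or change an invoice is through code that already applies them.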
