API Security Checked by Vezraa
Broken Object Level Authorization (BOLA)
API vulnerability where object-level access controls are missing or broken.
BOLA is the API equivalent of IDOR — attackers access objects they shouldn't by guessing or enumerating IDs. It's #1 on the OWASP API Security Top 10. Fix it by validating that the requesting user has permission to access the specific object.
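The fix described above, shown as an added example that is not from the original page: a lookup without an object-level check beside one that has it. The invoice store, the function names and the NotFound error are hypothetical, and user_id is assumed to come from the verified session or token, never from the request body.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Invoice:
    id: int
    owner_id: str
    total_cents: int


# Constructed sample data: sequential IDs belonging to two different users.
INVOICES = {
    1001: Invoice(1001, "alice", 4200),
    1002: Invoice(1002, "bob", 9900),
}


class NotFound(Exception):
    """Would map to HTTP 404 in a real handler."""


def get_invoice_unchecked(user_id: str, invoice_id: int) -> Invoice:
    # BOLA: the caller is authenticated, but the object's owner is never
    # compared with the requesting user, so any valid ID is returned.
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        raise NotFound(invoice_id)
    return invoice


def get_invoice_checked(user_id: str, invoice_id: int) -> Invoice:
    # Object-level check: the requesting user must own this specific object.
    # "Missing" and "not yours" raise the same error, so the response does
    # not reveal which IDs exist.
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice.owner_id != user_id:
        raise NotFound(invoice_id)
    return invoice


def can_read(handler, user_id: str, invoice_id: int) -> bool:
    """Helper for tests: True if the handler returns the object."""
    try:
        handler(user_id, invoice_id)
        return True
    except NotFound:
        return False
```

A regression test for every object-returning endpoint should request another user's ID with a valid session and expect the same response as for a nonexistent ID.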