Glossary

BOLA (Broken Object Level Authorization)

The #1 flaw in the OWASP API Security Top 10, corresponding to insufficient access control at the object level. BOLA is the API equivalent of IDOR: the attacker manipulates object identifiers in API requests to access other users' data. It is systematically tested for during API security audits.
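As an added illustration (not code from this glossary), the same order-lookup handler written twice in Python: once with the BOLA defect and once with the object-level authorization check an audit expects to find. The order table, user names, and exception types are constructed for the example; no web framework is used, so the "request" is just the authenticated user plus the identifier taken from the URL path.

```python
# Constructed sample data standing in for a database table of orders.
ORDERS = {
    101: {"owner": "alice", "total": 42.00},
    102: {"owner": "bob", "total": 1337.00},
}


class Forbidden(Exception):
    """Caller is not authenticated."""


class NotFound(Exception):
    """Object does not exist, or must look as if it does not."""


def get_order_vulnerable(current_user, order_id):
    """BOLA: only authentication is checked, then the identifier from the
    request is trusted. Any logged-in user can read any order simply by
    changing order_id in the path (the IDOR pattern, over an API)."""
    if current_user is None:
        raise Forbidden("login required")
    order = ORDERS.get(order_id)
    if order is None:
        raise NotFound(order_id)
    return order  # missing: does current_user actually own this order?


def get_order(current_user, order_id):
    """Fixed: ownership is verified on every access. A foreign object is
    reported exactly like a missing one, so the endpoint does not double
    as an oracle for which identifiers exist."""
    if current_user is None:
        raise Forbidden("login required")
    order = ORDERS.get(order_id)
    if order is None or order["owner"] != current_user:
        raise NotFound(order_id)
    return order


def can_read(handler, current_user, order_id):
    """Audit-style probe: does this user get this object from this handler?
    An API audit runs this with a second user's session against the first
    user's objects; True on the fixed handler means a BOLA finding."""
    try:
        handler(current_user, order_id)
        return True
    except (Forbidden, NotFound):
        return False
```

Run `can_read` for each object-returning endpoint with a user who does not own the object; the vulnerable handler returns True for alice on order 102, the fixed one False.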
