A healthcare organization discovers an issue where unauthorized personnel can view patient records by directly navigating to URLs containing sensitive information. What is the most effective control to mitigate this vulnerability?
Implementing proper authorization checks ensures that only users with the required permissions can access sensitive data, preventing unauthorized access. Session management, although important, does not directly address the ability to view data by URL manipulation. Input validation and encryption are crucial but do not specifically protect against broken access control vulnerabilities.