Exploit authorisation
BOLA (broken object level authorisation) and BFLA (broken function level authorisation) vulnerabilities are weaknesses in the authorisation checks that ensure authenticated users can access only their own resources and use only the functionality that matches their permission level.
Use A-B and A-B-A testing.
Discover resource identification methods
Check for BOLA
Check for BFLA
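
The A-B and A-B-A checks above, written as an authorisation regression test for a service you own. This is an added example, not from the original page: the NotesAPI class, the tok-a/tok-b tokens and the enforce flag are constructed for illustration, and it assumes A-B means user A creates a resource that user B then requests by identifier, while A-B-A adds a final check as A to see whether B's privileged call took effect.

```python
# Constructed in-memory API: two ordinary users, per-user notes, one admin-only function.
ROLES = {"tok-a": ("alice", "user"), "tok-b": ("bob", "user")}

class NotesAPI:
    def __init__(self, enforce):
        self.enforce = enforce            # False models the missing authorisation checks
        self.notes, self.next_id = {}, 1

    def create(self, token, text):
        owner, _ = ROLES[token]
        nid, self.next_id = self.next_id, self.next_id + 1
        self.notes[nid] = {"owner": owner, "text": text}
        return 201, nid

    def read(self, token, nid):           # object-level check belongs here
        user, _ = ROLES[token]
        note = self.notes.get(nid)
        if note is None:
            return 404, None
        if self.enforce and note["owner"] != user:
            return 403, None
        return 200, note["text"]

    def admin_delete(self, token, nid):   # function-level check belongs here
        _, role = ROLES[token]
        if self.enforce and role != "admin":
            return 403, None
        return (204, None) if self.notes.pop(nid, None) else (404, None)


def ab_test(api, tok_a="tok-a", tok_b="tok-b"):
    """A-B: A creates a resource, B requests it by its identifier."""
    _, nid = api.create(tok_a, "A's private note")
    status, body = api.read(tok_b, nid)
    return {"bola": status == 200 and body is not None}


def aba_test(api, tok_a="tok-a", tok_b="tok-b"):
    """A-B-A: A creates, B calls the privileged function, A re-checks state."""
    _, nid = api.create(tok_a, "A's note")
    b_status, _ = api.admin_delete(tok_b, nid)
    a_status, _ = api.read(tok_a, nid)    # the final 'A' step confirms the effect
    return {"b_status": b_status, "bfla": a_status == 404}
```

The final read as A matters because B's response code alone does not always show whether the privileged action was carried out.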