Question

13. the web application that lucca built has a flaw that causes users who are logged in to be able to take actions they should not be able to in their role. what type of security vulnerability should this be classified as? a. data validation b. session management c. authorization d. error handling

Answer 1

The flaw in the web application that allows users to perform unauthorized actions should be classified as an authorization issue. It is a critical aspect of security that ensures users can only access and perform functions appropriate to their roles.

Step-by-step explanation:

The security flaw in Lucca's web application where users are able to take actions outside of their authorized permissions is best classified as an authorization issue. Authorization refers to the process that determines what a user is able to do within a system, such as accessing specific resources or performing certain actions. In the context of web applications, it is crucial to ensure that users can only take actions that they are permitted to based on their assigned role or permission levels. Mismanagement of these permissions can lead to unauthorized access and potential security breaches.