172 - Access control issues
Incorrect or insufficient access control or authorization related to system actors, roles, assets and permissions may lead to security issues.
- Access Control -> Authorization
- E.g.: Users, Roles, Permissions, Modifiers, Visibility, Address, Accounts, Keys
- Assets/Actors/Actions
- Trust/Threat Model
- Spec -> Implement
- Check Access Control