Definition

What is Authorization?

The process of determining what actions and resources a verified identity is permitted to access or modify. Unlike authentication (which verifies who you are), authorization defines what you are allowed to do. Failures in authorization — including privilege escalation, IDOR, and missing function-level access control — are among the most impactful and frequently discovered application security vulnerabilities.

Related terms

Authentication →

The process of verifying the identity of a user, device, or system before granting access to a resource.

Insecure Direct Object Reference (IDOR) →

A vulnerability that occurs when an application exposes an internal implementation object — such as a database record ID, filename, or account number — without verifying that the requesting user is authorized to access it.

Privilege Escalation →

The process of exploiting a vulnerability or misconfiguration to gain a higher level of access than was originally authorized.

OAuth 2.0 →

An authorization framework that allows applications to obtain limited delegated access to user accounts on third-party services without requiring users to share their passwords.

Put this into practice

API security testing automation →

See how Penetrify's autonomous AI agents find and validate this class of security issue in your application.