Software Security | Access Control (2024)

[1] Salesforce Developers Technical Library Secure Coding Guidelines - Authorization and Access Control

[2] Salesforce Developers Technical Library Testing CRUD and FLS Enforcement

[3] Salesforce Developers Technical Library Enforcing CRUD and FLS

[4] Salesforce Developers Technical Library Visualforce Developers Guide - Standard Controllers

[5] Standards Mapping - CIS Azure Kubernetes Service Benchmark

3.0

[6] Standards Mapping - CIS Amazon Elastic Kubernetes Service Benchmark

1.0

[7] Standards Mapping - CIS Amazon Web Services Foundations Benchmark

[8] Standards Mapping - CIS Google Kubernetes Engine Benchmark

confidentiality

[9] Standards Mapping - CIS Kubernetes Benchmark

complete

[10] Standards Mapping - Common Weakness Enumeration

CWE ID 566

[11] Standards Mapping - Common Weakness Enumeration Top 25 2023

[24] CWE ID 863

[12] Standards Mapping - DISA Control Correlation Identifier Version 2

CCI-000213, CCI-001084, CCI-002165

[13] Standards Mapping - FIPS200

[14] Standards Mapping - General Data Protection Regulation (GDPR)

Access Violation

[15] Standards Mapping - NIST Special Publication 800-53 Revision 4

AC-3 Access Enforcement (P1)

[16] Standards Mapping - NIST Special Publication 800-53 Revision 5

AC-3 Access Enforcement

[17] Standards Mapping - OWASP Top 10 2004

A2 Broken Access Control

[18] Standards Mapping - OWASP Top 10 2007

A4 Insecure Direct Object Reference

[19] Standards Mapping - OWASP Top 10 2010

A4 Insecure Direct Object References

[20] Standards Mapping - OWASP Top 10 2013

A4 Insecure Direct Object References

[21] Standards Mapping - OWASP Top 10 2017

A5 Broken Access Control

[22] Standards Mapping - OWASP Top 10 2021

A01 Broken Access Control

[23] Standards Mapping - OWASP Application Security Verification Standard 4.0

1.2.2 Authentication Architectural Requirements (L2 L3), 1.2.3 Authentication Architectural Requirements (L2 L3), 1.2.4 Authentication Architectural Requirements (L2 L3), 1.4.2 Access Control Architectural Requirements (L2 L3), 1.4.4 Access Control Architectural Requirements (L2 L3), 2.7.1 Out of Band Verifier Requirements (L1 L2 L3), 2.7.2 Out of Band Verifier Requirements (L1 L2 L3), 2.7.3 Out of Band Verifier Requirements (L1 L2 L3), 2.8.4 Single or Multi Factor One Time Verifier Requirements (L2 L3), 2.8.5 Single or Multi Factor One Time Verifier Requirements (L2 L3), 3.7.1 Defenses Against Session Management Exploits (L1 L2 L3), 4.1.2 General Access Control Design (L1 L2 L3), 4.1.3 General Access Control Design (L1 L2 L3), 4.1.5 General Access Control Design (L1 L2 L3), 4.2.1 Operation Level Access Control (L1 L2 L3), 8.3.4 Sensitive Private Data (L1 L2 L3), 9.2.3 Server Communications Security Requirements (L2 L3), 10.2.1 Malicious Code Search (L2 L3), 13.1.4 Generic Web Service Security Verification Requirements (L2 L3), 14.5.1 Validate HTTP Request Header Requirements (L1 L2 L3), 14.5.4 Validate HTTP Request Header Requirements (L1 L2 L3)

[24] Standards Mapping - OWASP Mobile 2014

M5 Poor Authorization and Authentication

[25] Standards Mapping - OWASP Mobile 2023

M3 Insecure Authentication/Authorization

[26] Standards Mapping - OWASP Mobile 2024

M3 Insecure Authentication/Authorization

[27] Standards Mapping - OWASP Mobile Application Security Verification Standard 2.0

MASVS-AUTH-1

[28] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1

Requirement 6.5.2

[29] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2

Requirement 6.5.4

[30] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0

Requirement 6.5.8

[31] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0

Requirement 6.5.8

[32] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1

Requirement 6.5.8

[33] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2

Requirement 6.5.8

[34] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1

Requirement 6.5.8

[35] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0

Requirement 6.2.4

[36] Standards Mapping - Payment Card Industry Software Security Framework 1.0

Control Objective 5.4 - Authentication and Access Control

[37] Standards Mapping - Payment Card Industry Software Security Framework 1.1

Control Objective 5.4 - Authentication and Access Control

[38] Standards Mapping - Payment Card Industry Software Security Framework 1.2

Control Objective 5.4 - Authentication and Access Control, Control Objective C.2.3 - Web Software Access Controls

[39] Standards Mapping - SANS Top 25 2011

Porous Defenses - CWE ID 863

[40] Standards Mapping - Security Technical Implementation Guide Version 3.1

APP3480.1 CAT II

[41] Standards Mapping - Security Technical Implementation Guide Version 3.4

APP3480.1 CAT I

[42] Standards Mapping - Security Technical Implementation Guide Version 3.5

APP3480.1 CAT I

[43] Standards Mapping - Security Technical Implementation Guide Version 3.6

APP3480.1 CAT I

[44] Standards Mapping - Security Technical Implementation Guide Version 3.7

APP3480.1 CAT I

[45] Standards Mapping - Security Technical Implementation Guide Version 3.9

APP3480.1 CAT I

[46] Standards Mapping - Security Technical Implementation Guide Version 3.10

APP3480.1 CAT I

[47] Standards Mapping - Security Technical Implementation Guide Version 4.1