This happens when a cyber-criminal controls somebody else’s account by using credentials (session ID, username number, etc.). In this example I will demonstrate this technique using Mutillidae: we’ll create 2 accounts and hijack one of them. OWASP 2017 - “A5 - Broken Access...
Access control: Account hijacking with Mutillidae