Broken Access Control (BAC) TL;DR: Umbrella for missing authorisation checks across endpoints, methods, and tiers. Where most real-world bug bounty payouts live. Stub — to be filled in. What it is TODO Preconditions / where it applies TODO Technique TODO Detection and defence TODO References https://owasp.org/Top10/A01_2021-Broken_Access_Control/