BFLA
Broken Function Level Authorization (BFLA) occurs when a user is able to perform actions they are not authorized to perform (as opposed to BOLA, which is accessing another user's resources). Here we are looking for functional requests, sent with the various HTTP methods, that carry out actions the current user should not be able to perform, such as updating, deleting, or otherwise altering another user's resources, or calling administrative functions.

The actions map to CRUD (create, read, update, delete), which in HTTP terms are typically POST, GET, PUT/PATCH, and DELETE requests. A GET with the right parameters can also trigger a state-changing or privileged action, so the method alone is not a reliable indicator: replay each function with a lower-privileged user's session and compare the response to the one the authorized user receives.
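The check described above, as an added example that is not part of the original page: a constructed in-memory notes API with a vulnerable handler (ownership checked only on GET, admin endpoint unchecked) beside a hardened one (authorization on every method), and a probe that replays the write methods as a low-privileged user against another user's resource and an admin-only endpoint. The users, notes, paths and handler names are all assumptions made for the example.

```python
import copy

# Constructed sample data for the example (not from the page): two ordinary
# users, one admin, and one note owned by each ordinary user.
USERS = {"alice": "user", "bob": "user", "admin": "admin"}
NOTES = {
    1: {"owner": "alice", "body": "alice's note"},
    2: {"owner": "bob", "body": "bob's note"},
}

def _route(path):
    """Split '/notes/2' into ('notes', 2) and '/admin/...' into ('admin', None)."""
    parts = path.strip("/").split("/")
    if parts[0] == "notes" and len(parts) == 2 and parts[1].isdigit():
        return "notes", int(parts[1])
    if parts[0] == "admin":
        return "admin", None
    return None, None

def vulnerable_handler(method, path, caller, notes, payload=None):
    """Authenticates the caller but checks ownership only on GET.
    PUT/DELETE and the admin endpoint are not authorized at all (the BFLA)."""
    if caller not in USERS:
        return 401
    kind, nid = _route(path)
    if kind == "admin":
        return 200                      # BFLA: any authenticated user reaches admin functions
    if kind == "notes":
        if nid not in notes:
            return 404
        if method == "GET":
            return 200 if notes[nid]["owner"] == caller else 403
        if method == "PUT":
            notes[nid]["body"] = payload  # BFLA: no ownership check on update
            return 200
        if method == "DELETE":
            del notes[nid]                # BFLA: no ownership check on delete
            return 204
    return 404

def hardened_handler(method, path, caller, notes, payload=None):
    """Same API, authorized on every method: the admin endpoint requires the
    admin role and every note operation requires ownership, whatever the verb."""
    if caller not in USERS:
        return 401
    kind, nid = _route(path)
    if kind == "admin":
        return 200 if USERS[caller] == "admin" else 403
    if kind == "notes":
        if nid not in notes:
            return 404
        if notes[nid]["owner"] != caller:
            return 403
        if method == "GET":
            return 200
        if method == "PUT":
            notes[nid]["body"] = payload
            return 200
        if method == "DELETE":
            del notes[nid]
            return 204
    return 404

def probe_bfla(handler, caller, victim_note_id):
    """Replay state-changing and admin requests as `caller` against another
    user's note and an admin-only endpoint. Returns the (method, path, status)
    triples that succeeded; each one is a missing function-level check."""
    findings = []
    for method, path, payload in [
        ("PUT", f"/notes/{victim_note_id}", "tampered"),
        ("DELETE", f"/notes/{victim_note_id}", None),
        ("GET", "/admin/users", None),      # GET can be privileged too
        ("POST", "/admin/users", {"name": "mallory", "role": "admin"}),
    ]:
        notes = copy.deepcopy(NOTES)        # fresh state for every request
        status = handler(method, path, caller, notes, payload)
        if status < 400:
            findings.append((method, path, status))
    return findings

if __name__ == "__main__":
    print("vulnerable:", probe_bfla(vulnerable_handler, "alice", 2))
    print("hardened:  ", probe_bfla(hardened_handler, "alice", 2))
```

Against a real target the same loop is driven by captured requests and a second, lower-privileged session token; the signal is identical: a 2xx where the authorized user's response is the only one that should ever be 2xx.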

