___
# Tags
#web-application #appsec #burpsuite #bug-bounties

# Helpful Docs

# Notes
#### Server-side Vulnerabilities
##### Access Control
- Authentication
    - Confirms a user is who they say they are
- Session management
    - Identifies which web requests were made by the same user
- Access control
    - Determines whether the user is allowed to carry out an action
- Vertical privilege escalation
    - Gaining access to functionality the user is not permitted to access
    - Example: a non-admin user gaining access to the admin console
- Horizontal privilege escalation
    - Gaining access to resources belonging to another user
    - Not necessarily an escalation of privileges: the access gained is that of other users at the same privilege level as the current account
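The server-side checks that stop each escalation type, as an added example that is not part of the original notes. The `/admin` and `/account` routes, the `User` and `Request` types and the sample accounts are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class User:
    id: int
    role: str  # "user" or "admin"


@dataclass(frozen=True)
class Request:
    user: User  # identity already established by authentication + session management
    path: str
    params: dict = field(default_factory=dict)


# Constructed sample data: account id -> owner and contents.
ACCOUNTS = {
    101: {"owner_id": 1, "email": "alice@example.test"},
    102: {"owner_id": 2, "email": "bob@example.test"},
}


def authorize(req):
    """Return (allowed, reason). Anything not explicitly allowed is denied."""
    if req.path.startswith("/admin"):
        # Vertical check: the function itself requires a higher role.
        if req.user.role != "admin":
            return False, "vertical: admin role required"
        return True, "ok"
    if req.path == "/account":
        # Horizontal check: the role is sufficient, but the resource must
        # belong to the session user, not to whoever the id parameter names.
        account = ACCOUNTS.get(req.params.get("id"))
        if account is None:
            return False, "no such account"
        if account["owner_id"] != req.user.id:
            return False, "horizontal: not the owner"
        return True, "ok"
    return False, "default deny"


if __name__ == "__main__":
    alice, admin = User(1, "user"), User(9, "admin")
    for r in (Request(alice, "/admin/users"), Request(admin, "/admin/users"),
              Request(alice, "/account", {"id": 101}),
              Request(alice, "/account", {"id": 102})):
        print(r.user.role, r.path, r.params, authorize(r))
```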