refactor: rename A1:2019 Broken Object Level Access Control

PauloASilva · PauloASilva · commit f918706b99ad · 2019-06-24T09:30:34.000+01:00
Category was renamed "Missing Object Level Access Control"
diff --git a/2019/en/src/0x00-toc.md b/2019/en/src/0x00-toc.md
@@ -8,7 +8,7 @@ Table of Contents
 * [Release Notes](0x04-release-notes.md)
 * [API Security Risks](0x10-api-security-risks.md)
 * [OWASP Top 10 API Security Risks – 2019](0x11-t10.md)
-* [A1:2019 Broken Object Level Access Control](0xa1-broken-object-level-access-control.md)
+* [A1:2019 Missing Object Level Access Control](0xa1-missing-object-level-access-control.md)
 * [A2:2019 Broken Authentication](0xa2-broken-authentication.md)
 * [A3:2019 Improper Data Filtering](0xa3-improper-data-filtering.md)
 * [A4:2019 Lack of Resources & Rate Limiting](0xa4-lack-of-resources-and-rate-limiting.md)
diff --git a/2019/en/src/0x11-t10.md b/2019/en/src/0x11-t10.md
@@ -3,7 +3,7 @@ OWASP Top 10 API Security Risks – 2019
 
 | Risk | Description |
 | ---- | ----------- |
-| A1:2019 - Broken Object Level Access Control | APIs tend to expose endpoints that handle object identifiers, creating a wide attack surface Level Access Control issue. Object level authorization checks should be taken in mind in every function that accesses a data source using an input from the user. |
+| A1:2019 - Missing Object Level Access Control | APIs tend to expose endpoints that handle object identifiers, creating a wide attack surface Level Access Control issue. Object level authorization checks should be taken in mind in every function that accesses a data source using an input from the user. |
 | A2:2019 - Broken Authentication | Authentication mechanisms are often implemented incorrectly, allowing attackers to compromise authentication tokens or to exploit implementation flaws to assume other user's identities temporarily or permanently. Compromising system's ability to identify the client/user, compromises API overall security. |
 | A3:2019 - Improper Data Filtering | Looking forward to generic implementations developers tend to expose all object properties without considering their individual sensitivity, relying on clients to perform the data filtering before showing it to the user. Without controlling client's state, servers receive more and more filters which can be abused to gain access to sensitive data. |
 | A4:2019 - Lack of Resources & Rate Limiting | Quite often APIs do not impose any restrictions on the size or number of resources that can be requested by the client/user. Not only this can impact the API server performance, leading to Denial of Service (DoS), but also leaves the door open to authentication flaws such as brute force. |
diff --git a/2019/en/src/0xa1-missing-object-level-access-control.md b/2019/en/src/0xa1-missing-object-level-access-control.md
@@ -1,5 +1,5 @@
-A1:2019 Broken Object Level Access Control
-==========================================
+A1:2019 Missing Object Level Access Control
+===========================================
 
 | Threat agents/Attack vectors | Security Weakness | Impacts |
 | - | - | - |
