Closed
Description
Not sure if this has been discussed earlier, but I would consider proper integration tests as a preventive mechanism against broken access control. By writing tests for access controls you will get a guarantee that it will not happen, and you will (should) break the build and not deploy the vulnerable changes to production. This of course requires a thorough test suite, with all the "bad" cases covered, and also mechanisms to detect when new API endpoints are added without test coverage.
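A sketch of the approach described in this issue, added here as an illustration and not code from the issue author or the project: an access matrix that spells out the denied cases per endpoint, plus a check that fails when an endpoint exists without a row in that matrix. The route table, endpoint paths, role names and function names are all hypothetical stand-ins for a real framework's route listing and test client.

```python
ROUTES = {}  # (method, path) -> roles the handler allows (constructed sample app)

def route(method, path, roles):
    """Register an endpoint; stands in for a web framework's route table."""
    def register(fn):
        ROUTES[(method, path)] = frozenset(roles)
        return fn
    return register

@route("GET", "/orders", {"user", "admin"})
def list_orders(): ...

@route("DELETE", "/orders", {"admin"})
def delete_orders(): ...

@route("GET", "/admin/users", {"admin"})
def list_users(): ...

def call(routes, endpoint, role):
    """Status code the app returns for this caller (None = unauthenticated)."""
    if role is None:
        return 401
    return 200 if role in routes[endpoint] else 403

# The test suite's own statement of who may do what, written independently
# of the route declarations, with every denied ("bad") case spelled out.
EXPECTED = {
    ("GET", "/orders"):      {None: 401, "user": 200, "admin": 200},
    ("DELETE", "/orders"):   {None: 401, "user": 403, "admin": 200},
    ("GET", "/admin/users"): {None: 401, "user": 403, "admin": 200},
}

def untested_endpoints(routes, expected=EXPECTED):
    """Endpoints that exist in the app but have no row in the matrix."""
    return sorted(set(routes) - set(expected))

def access_violations(routes, expected=EXPECTED):
    """(endpoint, role, got, want) for each response that differs from the matrix."""
    return [(ep, role, call(routes, ep, role), want)
            for ep, by_role in expected.items() if ep in routes
            for role, want in by_role.items()
            if call(routes, ep, role) != want]

def check_access_control():
    """Run in CI: either failure breaks the build before deployment."""
    assert untested_endpoints(ROUTES) == [], "endpoint added without access tests"
    assert access_violations(ROUTES) == [], "response differs from access matrix"
```

In a real suite `call` would issue requests through the framework's test client with a token for each role, and `ROUTES` would come from the framework's own route listing so that no endpoint can be left out by hand.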