Missing function level access control
Web applications verify a user's function-level access rights before providing access to a specific piece of functionality. These access control checks also need to be performed server-side. If these checks are missing on the server side, an attacker can enter the application without any authorization. To check for this type of vulnerability, we can create custom scripts that authenticate a less privileged user to the application and then try to access restricted pages. This way we can make sure that none of the restricted pages is accessible to any less privileged user.
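The check described above can be scripted as follows. This is an added example, not code from the original page: the demo application, its paths, the `X-Session` header and the session tokens are all constructed for illustration, and the login step is assumed to have already produced the low-privilege token. The demo server deliberately omits the role check on one page so the script has something to find.

```python
import http.client, http.server, threading

# Constructed demo data: session token -> role, restricted path -> required role.
SESSIONS = {"tok-admin": "admin", "tok-user": "user"}
RESTRICTED = {"/admin/users": "admin", "/admin/reports": "admin"}
UNCHECKED = {"/admin/reports"}  # deliberate flaw: this handler skips the role check

class DemoApp(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        role = SESSIONS.get(self.headers.get("X-Session", ""))
        needed = RESTRICTED.get(self.path)
        if role is None:
            status = 401  # not authenticated at all
        elif needed and role != needed and self.path not in UNCHECKED:
            status = 403  # server-side function-level check
        else:
            status = 200
        self.send_response(status)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo output quiet
        pass

def exposed_pages(host, port, session_token, restricted_paths):
    """Request each restricted path with the given session; return (path, status)
    for every response that is not an explicit denial (401 or 403)."""
    exposed = []
    for path in restricted_paths:
        conn = http.client.HTTPConnection(host, port, timeout=5)
        try:
            conn.request("GET", path, headers={"X-Session": session_token})
            resp = conn.getresponse()
            if resp.status not in (401, 403):
                exposed.append((path, resp.status))
        finally:
            conn.close()
    return exposed

def run_demo():
    # Start the constructed app on a free local port and test it as "tok-user".
    server = http.server.HTTPServer(("127.0.0.1", 0), DemoApp)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return exposed_pages("127.0.0.1", server.server_address[1],
                             "tok-user", sorted(RESTRICTED))
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print("Restricted pages reachable by low-privilege user:", run_demo())
```

An empty result means every restricted page denied the low-privilege session. An application that denies access with a redirect to its login page would need that status added to the denial set.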