Understand how broken object level authorisation attacks work against an API, why they work and what the potential impact is..