UPDATE:
OWASP just updated the Top 10 list.
Check out this in-depth post to learn everything about the new OWASP Top 10 2021.
Could result from insufficient protection of sensitive request handlers within an application:
It can be anything from seemingly useless information to a full system takeover.
http://randomsite.com
http://randomsite.com/app/getappinfo
http://randomsite.com/app/admin_getappinfo
http://randomsite.com/app/userId=21775
userId
to that of another user: http://randomsite.com/app/userId=31356
userID
The information flow control system implemented by Hdiv controls the resources (links and forms) exposed by the application and prevents clients from breaking the original contract established by the server. In other words, even when the programmer does not use access control systems or ACLs (Java EE or Spring Security), Hdiv is able to know which resources are legitimately accessible by each user.
Risk Covered
Hdiv flow control prevents any client attempt to break the server contract.
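The flow-control idea described above, reduced to a per-session allow-list of rendered links. This is an added illustration, not Hdiv's code or API: the `FlowControl` class, its method names and the in-memory storage are assumptions, and only the sample URLs come from this page.

```python
import secrets
from urllib.parse import urlsplit


class FlowControl:
    """Hypothetical per-session record of the links the server has rendered."""

    def __init__(self):
        self._issued = {}  # session id -> set of request targets exposed to it

    def new_session(self):
        sid = secrets.token_urlsafe(16)
        self._issued[sid] = set()
        return sid

    @staticmethod
    def _target(url):
        # Compare on path + query only; the host is the application itself.
        parts = urlsplit(url)
        return (parts.path or "/") + ("?" + parts.query if parts.query else "")

    def expose(self, sid, url):
        """Call while rendering a link or form action for this session."""
        self._issued[sid].add(self._target(url))
        return url

    def is_allowed(self, sid, url):
        """Accept a request only if this exact target was exposed to the session."""
        return self._target(url) in self._issued.get(sid, set())


def demo():
    fc = FlowControl()
    user = fc.new_session()
    # Constructed sample: the pages rendered for an ordinary user contain
    # only these two links (URLs taken from the examples above).
    fc.expose(user, "http://randomsite.com/app/getappinfo")
    fc.expose(user, "http://randomsite.com/app/userId=21775")
    incoming = [
        "http://randomsite.com/app/getappinfo",        # exposed
        "http://randomsite.com/app/userId=21775",      # exposed
        "http://randomsite.com/app/admin_getappinfo",  # never rendered for this user
        "http://randomsite.com/app/userId=31356",      # userId changed by the client
    ]
    return {url: fc.is_allowed(user, url) for url in incoming}


if __name__ == "__main__":
    for url, ok in demo().items():
        print("ALLOW " if ok else "REJECT", url)
```

The check is only as strong as the rendering step: a link exposed to a session is accepted from that session, so the application must render each link only for users entitled to it.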