Abstract: This paper describes a practical approach to testing Websites for flaws in role-based authorization controls. The first two sections discuss the importance of testing these controls and how this testing is tied to the business that the Website supports. The rest of the paper outlines the general approach and some specific tools and techniques that can be used.