In 2021, the OWASP Top 10 list moved broken access control from the fifth position to first on the list of top vulnerabilities in web applications. According to OWASP, 94% of applications were found to have some form of broken access control, with the average incidence rate of 3.81%.
In this video, see an example of broken access control in an insecure bank application. This example uses a classic vulnerability, insecure direct object reference.