Simuna Infosec
Technical | 2026-11-15

Privilege Escalation Testing: Vertical and Horizontal Access Control Bypass for Indonesian Companies

Can a regular user become an admin? Can User A access User B's data? Privilege escalation testing answers both. Guidance for the Indonesian market.

Privilege escalation testing evaluates whether a user can gain access beyond the permissions intended for them. Vertical escalation is a lower-privileged user reaching higher-privileged functionality: a standard user invoking admin functions. Horizontal escalation is a user reaching resources that belong to another user at the same privilege level: User A viewing User B's data, typically by swapping an identifier in a request (the class of bug known as insecure direct object reference, or broken object-level authorization).

Testing works through every function and data access point with a session for each role, including an unauthenticated session: can a customer call admin API endpoints? Can User A retrieve User B's records by modifying identifiers? Can a read-only user perform write operations? Two points matter in practice. First, requests are sent directly to the API rather than through the user interface, because a hidden menu item is not access control; the server must enforce the check on every request. Second, the tester first writes down the intended role model (which roles may perform which actions on which objects), since a result is only a finding relative to that intent. This is also why automated scanners find few of these bugs: they cannot know who is supposed to be allowed what.

This testing is manually intensive because it requires understanding the application's role model and covering every combination of role, function and object. It is consistently among the most valuable testing activities for finding critical vulnerabilities.
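The role-by-function matrix described above, as an added example in Python that is not Simuna Infosec's tooling or any client's code. Everything in it is constructed: the four accounts, the three orders, and an in-process stand-in for an HTTP API whose handlers return status codes instead of responses. Two bugs are planted so the matrix has something to find: `GET /orders/{id}` checks only that the caller is logged in and never that they own the order (horizontal escalation), and `GET /admin/users` is hidden from the non-admin menu but the server never checks the role (vertical escalation). The `policy` function is the tester's written-down intent; `run_matrix` replays every actor against every endpoint and object and reports each request the server accepted that the policy says it should have refused, classifying it as horizontal when a peer of the same role may legitimately call that function on some object and vertical otherwise. The hardened handlers are included so the same matrix can be re-run after the fix.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

User = Optional[dict]  # None models an unauthenticated caller
Handler = Callable[[User, Optional[int]], int]

# Constructed accounts: one per role, plus a second customer for horizontal tests.
USERS: Dict[str, dict] = {
    "alice": {"id": 1, "role": "customer"},
    "bob":   {"id": 2, "role": "customer"},
    "carol": {"id": 3, "role": "readonly"},
    "admin": {"id": 9, "role": "admin"},
}
ORDERS: Dict[int, dict] = {101: {"owner": 1}, 202: {"owner": 2}, 303: {"owner": 3}}

# Constructed handlers standing in for HTTP endpoints; they return status codes.
def get_order_vuln(user: User, oid: Optional[int]) -> int:
    if user is None:
        return 401
    # BUG (planted): logged in, but ownership is never checked -> horizontal escalation
    return 200 if oid in ORDERS else 404

def list_users_vuln(user: User, _oid: Optional[int]) -> int:
    if user is None:
        return 401
    return 200  # BUG (planted): admin page hidden in the UI, role never checked -> vertical

def update_order(user: User, oid: Optional[int]) -> int:
    if user is None:
        return 401
    order = ORDERS.get(oid)
    if order is None:
        return 404
    if user["role"] == "admin" or (user["role"] == "customer" and order["owner"] == user["id"]):
        return 200
    return 403  # read-only users and non-owners are correctly refused

def get_order_fixed(user: User, oid: Optional[int]) -> int:
    if user is None:
        return 401
    order = ORDERS.get(oid)
    if order is None:
        return 404
    return 200 if user["role"] == "admin" or order["owner"] == user["id"] else 403

def list_users_fixed(user: User, _oid: Optional[int]) -> int:
    if user is None:
        return 401
    return 200 if user["role"] == "admin" else 403

VULN_ENDPOINTS: Dict[str, Handler] = {"GET /orders/{id}": get_order_vuln,
    "PUT /orders/{id}": update_order, "GET /admin/users": list_users_vuln}
FIXED_ENDPOINTS: Dict[str, Handler] = {"GET /orders/{id}": get_order_fixed,
    "PUT /orders/{id}": update_order, "GET /admin/users": list_users_fixed}

def policy(endpoint: str, user: User, oid: Optional[int]) -> bool:
    """Intended access, written down from the application's role model before testing."""
    if user is None:
        return False
    if endpoint == "GET /admin/users":
        return user["role"] == "admin"
    is_owner = ORDERS[oid]["owner"] == user["id"]
    if endpoint == "GET /orders/{id}":
        return user["role"] == "admin" or is_owner
    if endpoint == "PUT /orders/{id}":
        return user["role"] == "admin" or (user["role"] == "customer" and is_owner)
    raise KeyError(endpoint)

@dataclass(frozen=True)
class Finding:
    kind: str  # "horizontal" or "vertical"
    actor: str
    endpoint: str
    resource: Optional[int]

def classify(endpoint: str, user: User, resources: List[Optional[int]]) -> str:
    """Horizontal if a user of the same role may legitimately call this function on some
    object (only the object boundary failed); vertical if the role may never call it."""
    if user is None:
        return "vertical"
    peers = [u for u in USERS.values() if u["role"] == user["role"]]
    allowed = any(policy(endpoint, p, r) for p in peers for r in resources)
    return "horizontal" if allowed else "vertical"

def run_matrix(endpoints: Dict[str, Handler]) -> List[Finding]:
    """Try every (actor, endpoint, resource) combination and report each request the
    server accepted that the intended policy says it should have refused."""
    actors: Dict[str, User] = {"anonymous": None, **USERS}
    findings: List[Finding] = []
    for endpoint, handler in endpoints.items():
        resources: List[Optional[int]] = list(ORDERS) if "{id}" in endpoint else [None]
        for name, user in actors.items():
            for oid in resources:
                if handler(user, oid) == 200 and not policy(endpoint, user, oid):
                    findings.append(Finding(classify(endpoint, user, resources), name, endpoint, oid))
    return findings

if __name__ == "__main__":
    for f in run_matrix(VULN_ENDPOINTS):
        print(f"{f.kind:10} {f.actor:9} {f.endpoint} {f.resource}")
    print("after fix:", len(run_matrix(FIXED_ENDPOINTS)), "findings")
```

Against the planted bugs the matrix reports six horizontal findings (each customer and the read-only user reading the two orders they do not own) and three vertical findings (every non-admin role reaching the admin user list), while `PUT /orders/{id}` produces none because the read-only role is refused server-side. Against a real target the handlers become HTTP requests carrying each role's session token, but the shape of the work is the same: a declared policy, one session per role plus an unauthenticated one, and an exhaustive sweep of role, function and object.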