Most modern applications follow a multi-tenant architecture designed to be used by multiple users with varying access privileges. A cyber attack usually begins by compromising one of the standard user’s access to gain entry into the system. The next step usually involves elevating access to privileged accounts and resources kept away from a standard user. This form of a security breach is commonly known as a privilege escalation that facilitates illicit access to escalated rights and permissions beyond what the user is entitled to.
Privilege escalation is one of the most commonly leveraged mechanisms in a modern cyber attack chain that results in unauthorized access to an entire system.
This guide delves into how privilege escalation works, various severity levels, standard attack techniques, and best practices to prevent such attacks in modern web applications.