<!-- Reference material based on OWASP Cheat Sheet Series (CC BY-SA 4.0) https://cheatsheetseries.owasp.org/ -->

# Django Access Control & IDOR Review

Find access control vulnerabilities by investigating how the codebase answers one question: Can User A access, modify, or delete User B's data?

## Philosophy: Investigation Over Pattern Matching

Do NOT scan for predefined vulnerable patterns. Instead:

1. Understand how authorization works in THIS codebase
2. Ask questions about specific data flows
3. Trace code to find where (or if) access checks happen
4. Report only what you've confirmed through in…
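The following is an added example, not code from the OWASP cheat sheet or from any Django project. It models the "Can User A read User B's data?" question in plain Python so it runs without Django: `User`, `Note`, `Request` and `NotFound` are constructed stand-ins, the sample users and notes are constructed data, and the comments name the real Django calls each view shape corresponds to. The last function is the confirmation step the list above asks for: instead of flagging a view because it looks like a risky pattern, it exercises the view as one user against another user's object and reports only when the object actually comes back.

```python
"""Added example (not from the OWASP page or any project): a Django-free
model of the IDOR question "Can User A read User B's data?".

The classes below are constructed stand-ins so the file runs without Django;
the Django-style calls named in the comments are the real equivalents.
"""
from dataclasses import dataclass


class NotFound(Exception):
    """Stands in for django.http.Http404."""


@dataclass(frozen=True)
class User:
    id: int
    username: str


@dataclass(frozen=True)
class Note:
    id: int
    owner_id: int
    body: str


@dataclass(frozen=True)
class Request:
    """Minimal stand-in for django.http.HttpRequest: only .user is used."""
    user: User


# Constructed sample data: two users, one private note each.
ALICE = User(1, "alice")
BOB = User(2, "bob")
NOTES = {
    101: Note(101, ALICE.id, "alice's private note"),
    102: Note(102, BOB.id, "bob's private note"),
}


def note_detail_vulnerable(request: Request, pk: int) -> Note:
    """Looks the note up by primary key only.

    Django equivalent: get_object_or_404(Note, pk=pk). Any authenticated
    user who can guess or enumerate pk reads any note: the classic IDOR.
    The request's user is never consulted.
    """
    note = NOTES.get(pk)
    if note is None:
        raise NotFound
    return note


def note_detail_fixed(request: Request, pk: int) -> Note:
    """Scopes the lookup to the requesting user.

    Django equivalent: get_object_or_404(Note, pk=pk, owner=request.user),
    or Note.objects.filter(owner=request.user) as a DetailView's queryset.
    Answering 404 rather than 403 for someone else's object also avoids
    confirming that the object exists.
    """
    note = NOTES.get(pk)
    if note is None or note.owner_id != request.user.id:
        raise NotFound
    return note


def cross_user_access_allowed(view, attacker: User, victim_note_pk: int) -> bool:
    """The confirmation step: call the view as User A for User B's object.

    Returns True only when the attacker actually receives another user's
    object, i.e. when the access check is missing. A view is worth
    reporting when this returns True, not because its lookup "looks" risky.
    """
    try:
        note = view(Request(user=attacker), victim_note_pk)
    except NotFound:
        return False
    return note.owner_id != attacker.id


if __name__ == "__main__":
    for name, view in [("vulnerable", note_detail_vulnerable),
                       ("fixed", note_detail_fixed)]:
        leaked = cross_user_access_allowed(view, ALICE, 102)
        print(f"{name}: alice can read bob's note -> {leaked}")
```

In a real Django review the same harness is the test client with two logged-in sessions: log in as user A, request the detail URL of an object owned by user B, and record which views return the object rather than a 404. The lookup shape (`get_object_or_404(Note, pk=pk)` versus a queryset filtered on `request.user`) tells you where to look; the cross-user request tells you whether there is a finding.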