I was asked to explain the difference between Insufficient Authentication and Insufficient Authorization. In the process, I managed to confuse the person asking the question by giving obscure examples.
Anonymous
Insufficient Authentication - Being able to perform a functionality or view information that should not be viewable to an unauthenticated user.
Insufficient Authorization - Being able to perform a functionality or view information that should not be viewable to a user of your privilege level (ex: being able to perform administrator functionality as a regular user) or by any user other than you (ex: being able to view another user's account information).
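
The distinction in the answer above, as an added example that is not part of the original answer: a small access-decision function that runs the authentication check and the two authorization checks separately, plus a helper that labels a wrongly allowed request with the matching weakness class. The route names, users, and status strings are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class User:
    name: str
    role: str  # "user" or "admin"

@dataclass(frozen=True)
class Route:
    requires_login: bool
    admin_only: bool = False   # privilege-level restriction
    owner_only: bool = False   # restricted to the resource's owner

# Constructed sample policy (hypothetical routes).
ROUTES = {
    "public_help": Route(requires_login=False),
    "view_account": Route(requires_login=True, owner_only=True),
    "delete_user": Route(requires_login=True, admin_only=True),
}

def decide(action: str, caller: Optional[User],
           resource_owner: Optional[str] = None) -> str:
    """Return the response the policy requires for this request."""
    route = ROUTES[action]
    needs_identity = route.requires_login or route.admin_only or route.owner_only
    # Authentication: is there a verified identity at all?
    if needs_identity and caller is None:
        return "401 unauthenticated"
    # Authorization, privilege level: regular user reaching admin functionality.
    if route.admin_only and caller.role != "admin":
        return "403 insufficient privilege"
    # Authorization, ownership: user reaching another user's data.
    if route.owner_only and caller.name != resource_owner:
        return "403 not owner"
    return "200 ok"

def classify_finding(action: str, caller: Optional[User],
                     resource_owner: Optional[str],
                     was_allowed: bool) -> Optional[str]:
    """Name the weakness when the application allowed a request the policy denies."""
    expected = decide(action, caller, resource_owner)
    if not was_allowed or expected == "200 ok":
        return None
    if expected.startswith("401"):
        return "Insufficient Authentication"
    return "Insufficient Authorization"
```
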