Abstract: Broken authentication and access control are among the most critical vulnerabilities in web applications, often enabling attackers to bypass security mechanisms and gain unauthorized access.