
API Security Risks with OWASP - .NET 151
Adventures in .NET
Broken Function Level Authorization
Twitter, DNS and Active Directory are all vulnerable to reflection attacks. If you can control that, then basically you can incur additional charges or even deadels from other services. This is a broken function level authorization. We don't access data, we access a functionality. So as it's the same thing, but this time we were accessing some functionality or a function as they call it in the list. All right. Ready for yet another broken authorization thing? It's number five on the list. I mean, we have had objects. We have had object properties. Now we're missing the functionality aspect.