security

All posts tagged security
Posted on 8. September 2024

Authorization vs. Authentication - Securing Web Applications

Although authorization sounds similar to authentication and the two are related, they are not the same and play different roles in the data security process.

In 2021, Broken Access Control moved up from the fifth to the first position in the OWASP Top 10. Besides, I reported some serious vulnerabilities to SaaS companies regarding unhandled authorization in recent months.

That's why it is important to know the difference between the two, and what else to take care of, in order to secure web applications: resources and information must be protected from being read or altered by third parties who should not be able to do so.

Posted on 7. November 2021

Hash the hash - Password hashing migration

The number of data leaks including hashed passwords has increased from year to year, and with the rising number of web applications, it will continue on this path.
In these dumps, lots of passwords of older accounts were hashed with the insecure SHA1 or even the absolutely unsafe MD5 algorithm.
Data security doesn't get the love it should get. Time to act.