To answer this question, let's go through each option to understand why it is correct or incorrect:
Option A) The configuration management - This option is incorrect because forced browsing attacks do not directly target configuration management. Forced browsing attacks involve accessing unauthorized directories or files by manipulating URLs or paths.
Option B) The session management - This option is incorrect because forced browsing attacks do not directly target session management. Forced browsing attacks focus on accessing unauthorized information, not manipulating session data.
Option C) The change management process - This option is incorrect because forced browsing attacks do not directly target the change management process. Forced browsing attacks involve accessing unauthorized directories or files, rather than exploiting weaknesses in the change management process.
Option D) The authorization process - This option is correct because a successful forced browsing attack indicates a vulnerability in the authorization process. Forced browsing attacks involve accessing unauthorized directories or files by manipulating URLs or paths. If the authorization process is not properly implemented, attackers can bypass access controls and gain unauthorized access to sensitive information.
The correct answer is D) The authorization process. This option is correct because forced browsing attacks exploit vulnerabilities in the authorization process, allowing unauthorized access to protected resources.