Company
Date Published
Author
Detectify
Word count
842
Language
-
Hacker News points
None

Summary

Broken Access Control, identified as the top vulnerability in the OWASP Top 10 list of 2021, affects 94% of tested web applications by failing to properly restrict which functions and data a user may reach. The vulnerability arises when access control is not designed in from the beginning, or when the rules become so complex as an application grows that they are no longer applied consistently. The potential impact ranges from exposure of trivial information to complete system takeover, as demonstrated by a Twitter vulnerability where a user could delete another user's account simply by altering request parameters. Detecting Broken Access Control involves testing for unauthorized access to restricted areas, or altering user IDs in requests to reach other users' data, which can be done using tools like Detectify. To mitigate such vulnerabilities, it is crucial to implement a default-deny policy, grant access only to the specific roles that need it, and log failed access attempts so that misconfigurations and probing become visible.
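The mitigation described above, as an added example that is not part of the summarized article or Detectify's code: a default-deny check in which only listed (role, action) grants are allowed, non-admin callers must also own the target account (so the altered-ID case is refused), and every denial is logged. Roles, actions and user IDs are constructed for illustration.

```python
"""Default-deny access control with ownership checks and denial logging.

Added example, not Detectify's code. The roles, the `delete_account` and
`view_account` actions, and the user IDs are constructed for illustration.
"""
from dataclasses import dataclass, field

# Constructed role grants: any (role, action) pair NOT listed here is denied.
GRANTS = {
    ("admin", "delete_account"),
    ("admin", "view_account"),
    ("user", "view_account"),    # a plain user may view only their own account
    ("user", "delete_account"),  # ... and delete only their own account
}
# Roles that, even with a grant, may only act on objects they own.
OWNER_ONLY_ROLES = {"user"}


@dataclass
class Request:
    caller_id: int          # identity established by the session, not the client
    caller_role: str
    action: str
    target_account_id: int  # taken from a request parameter, attacker-controlled


@dataclass
class AccessControl:
    denied_log: list = field(default_factory=list)

    def is_allowed(self, req: Request) -> bool:
        """Return True only when a grant matches and, for owner-only roles,
        the target account belongs to the caller. Everything else is denied."""
        allowed = (req.caller_role, req.action) in GRANTS
        if allowed and req.caller_role in OWNER_ONLY_ROLES:
            allowed = req.target_account_id == req.caller_id
        if not allowed:
            # Failed attempts are recorded so that misconfigured rules and
            # ID-tampering (a user walking through other users' IDs) show up.
            self.denied_log.append(
                f"DENY caller={req.caller_id} role={req.caller_role} "
                f"action={req.action} target={req.target_account_id}"
            )
        return allowed


if __name__ == "__main__":
    ac = AccessControl()
    # Constructed requests: user 7 deletes their own account, then tampers
    # with the parameter to target account 8, which is denied and logged.
    print(ac.is_allowed(Request(7, "user", "delete_account", 7)))
    print(ac.is_allowed(Request(7, "user", "delete_account", 8)))
    print(ac.denied_log)
```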