PLAYER: player1 | XP: 500 | LEVEL: 4

MISSION 5 — CLIENT-SIDE ACCESS CONTROL FAILURE

Scenario: Internal admin dashboard uses frontend logic to hide sensitive tools.

Developers mistakenly assumed hiding elements = securing them.

OWASP Concept: Broken Access Control

Real-world issue: Security decisions must NEVER rely only on the browser.