Explore potential authorization and access control issues, the risks associated with them, and learn how to avoid them.
Providing authentication for an application is only half the battle. You also need to provide the rules around what that person can access. This is called authorization, and faulty authorization can lead to security defects that often are hard to track down. So let's start with the basics of what issues exist around authorization. Often, defects arise in this arena because we either have access control lists in place, but they aren't applied correctly, or they simply haven't been applied.

In either case, a user could get access to resources or data that he or she shouldn't have access to. Consider the use case where your site has a user portion and an administrator portion. If you don't have solid access control lists, your users could access the admin section of your site. This obviously gives them more control than they should ever have access to. Now consider that in your admin site, you can see all the demographic and personal details of your customers.

Imagine not only the negative publicity your application would receive, but even more importantly, …
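The two failure modes the transcript names, an access control list that is never applied to a route and one that is applied incorrectly, are easiest to see in code. The following is an added example (not code from the course or its author): a deny-by-default, role-based check on URL paths, plus an audit helper that lists routes the ACL does not cover at all. The users, roles, paths and `ROUTES` table are constructed sample values.

```python
"""Deny-by-default, role-based authorization for URL paths (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset  # e.g. frozenset({"user"}) or frozenset({"admin"})


# Constructed sample principals; a real app gets these from the session.
ANONYMOUS = User("anonymous", frozenset())
ALICE = User("alice", frozenset({"user"}))
BOB = User("bob", frozenset({"admin"}))

# Access control list: path prefix -> roles allowed at and beneath it.
# Anything no prefix covers is denied, not allowed (deny by default).
ACL = {
    "/account": frozenset({"user", "admin"}),
    "/admin": frozenset({"admin"}),
}

# Constructed route table; "/reports/export" deliberately has no ACL entry.
ROUTES = {"/account", "/admin", "/admin/customers", "/reports/export"}


def _normalize(path):
    """Strip a trailing slash so "/admin/" and "/admin" are the same rule."""
    return path.rstrip("/") or "/"


def _covers(prefix, path):
    """True if *path* is *prefix* or lies beneath it as a whole segment.

    Segment-aware matching keeps "/account" from covering "/accountant".
    """
    return path == prefix or path.startswith(prefix.rstrip("/") + "/")


def matching_rule(path, acl=ACL):
    """Return the most specific ACL prefix covering *path*, or None."""
    path = _normalize(path)
    candidates = [p for p in acl if _covers(p, path)]
    return max(candidates, key=len) if candidates else None


def authorize(user, path, acl=ACL):
    """Allow only when a rule covers the path AND the user holds an allowed role."""
    rule = matching_rule(path, acl)
    if rule is None:
        return False  # the 'ACL never applied' case: refuse, don't fall open
    return bool(user.roles & acl[rule])


def unprotected_routes(routes, acl=ACL):
    """Audit helper: routes the ACL does not cover at all."""
    return sorted(r for r in routes if matching_rule(r, acl) is None)


def handle(user, path):
    """Dispatch with the check in front of every handler, so no handler runs unchecked.

    Returns an HTTP-style status: 403 if not authorized, 404 if unknown, else 200.
    """
    if not authorize(user, path):
        return 403
    return 200 if _normalize(path) in ROUTES else 404


if __name__ == "__main__":
    for user, path in [(ALICE, "/account"), (ALICE, "/admin/customers"),
                       (BOB, "/admin/customers/42"), (ANONYMOUS, "/account"),
                       (BOB, "/reports/export")]:
        print(f"{user.name:10} {path:22} -> {handle(user, path)}")
    print("routes with no ACL entry:", unprotected_routes(ROUTES))
```

Two design points carry the transcript's warning: an uncovered route returns 403 rather than 200, so a forgotten ACL entry fails closed, and `unprotected_routes` gives a deployment-time check for exactly that mistake before a customer finds it. The check runs in `handle` ahead of routing so the "applied incorrectly" case (guarding the admin index but not the pages beneath it) cannot arise from a missed call site.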
Author: Frank P Moley III
- Understanding attackers and risks
- Documenting your risks
- Issues related to web client–server interactions
- Issues related to thick app and client–server interactions
- Authorization and cryptography issues
- Implementing security in each phase of the software development life cycle
Skill Level: Beginner
Course contents:
- What you need to know
- 1. Security and Risk Overview
- 2. Web Client Server Interaction Code Issues
- 3. Thick App and Client-Server Interaction Issues
- 4. Crypto and Security Misuse Issues
- 5. Security in the SDLC
- Next steps