Enforcing Authorization with Cryptography
Offered By: LASCON via YouTube
Course Description
Overview
Explore a developer-focused conference talk on enforcing authorization through cryptography. Learn about the risks of insecure direct object references and their inclusion in OWASP's Top 10 lists. Discover common solutions and their limitations, including indirect object reference maps and thorough authorization checks. Delve into a novel approach using cryptographically protected references, which balances computational time and memory requirements. Examine relevant attack vectors through threat modeling and compare secure design alternatives with benchmark results. Gain specific guidance on secure object references, access control, and database keys to share with development teams. Understand the trade-offs between security and performance in addressing this critical vulnerability.
Syllabus
Introduction
Agenda
The problem
Relevant Attacks
Common solutions
Direct object references
Sequential indirect object references
Random indirect references
Large memory footprint
Alternate approach
Referencing
Great
Benchmark Setup
Benchmark Results
Verification Time
Memory Usage
Identifier Size
Summary
Conclusions
Taught by
LASCON
Related Courses
Comparing WAF and RASP - Why?LASCON via YouTube API Security - Is it the New Application Attack Surface and How to Secure at Enterprise Scale
LASCON via YouTube Privacy Impact Assessments - How Much Privacy Is Enough?
LASCON via YouTube Your Frontier Defense - Understanding Web Application Firewalls
LASCON via YouTube Doing This One Crazy Thing Will Change Your AppSec Program Forever
LASCON via YouTube