Enforcing Authorization with Cryptography

Offered By: LASCON via YouTube

Tags

LASCON Courses
Cryptography Courses
Access Control Courses
Authorization Courses
Threat Modeling Courses

Course Description

Overview

Explore a developer-focused conference talk on enforcing authorization through cryptography. Learn about the risks of insecure direct object references and their inclusion in OWASP's Top 10 lists. Discover common solutions and their limitations, including indirect object reference maps and thorough authorization checks. Delve into a novel approach using cryptographically protected references, which balances computational time and memory requirements. Examine relevant attack vectors through threat modeling and compare secure design alternatives with benchmark results. Gain specific guidance on secure object references, access control, and database keys to share with development teams. Understand the trade-offs between security and performance in addressing this critical vulnerability.

Syllabus

Introduction
Agenda
The problem
Relevant Attacks
Common solutions
Direct object references
Sequential indirect object references
Random indirect references
Large memory footprint
Alternate approach
Referencing
Great
Benchmark Setup
Benchmark Results
Verification Time
Memory Usage
Identifier Size
Summary
Conclusions
Taught by

LASCON
