Fixing Broken Access Control - Cloud-Native Authorization Principles and Patterns
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the critical issue of Broken Access Control in this 45-minute conference talk from the OWASP Foundation. Delve into why it tops the OWASP Top 10 list and learn about the challenges of implementing effective access control in cloud-native applications. Examine successful fine-grained access control systems used by major tech companies and understand why 94% of applications still struggle with broken access vulnerabilities. Compare role-based access control (RBAC) with more advanced approaches like attribute-based access control (ABAC) and relationship-based access control (ReBAC). Discover the emerging ecosystems of policy-as-code and policy-as-data, focusing on Open Policy Agent (OPA) and Google's Zanzibar. Gain insights into cloud-native authorization principles and patterns, and learn about open-source projects for implementing fine-grained access controls in your applications and APIs.
Syllabus
Fixing Broken Access Control
Taught by
OWASP Foundation
Related Courses
Learning the OWASP Top 10LinkedIn Learning OWASP Top 10: #5 Broken Access Control and #6 Security Misconfiguration
LinkedIn Learning Advanced Cyber Security Training: OWASP Top 10 and Web Application Fundamentals
EC-Council via FutureLearn Pentesting with Daniel Slater (Ethical Hacking/Web Security)
Udemy OWASP Top 10: API Security Playbook
Pluralsight