YoVDO

Access Control Design Best Practices

Offered By: RSA Conference via YouTube

Tags

RSA Conference Courses
Application Development Courses
API Security Courses

Course Description

Overview

Explore critical access control anti-patterns and best practices in this 40-minute webcast from RSA Conference. Learn about hard-coded security policies, horizontal access control issues (one user reaching another user's data), insecure direct object reference (IDOR) problems, and "fail open" mechanisms that grant access when a check errors out. Discover positive access control principles for robust web and API-based applications. Delve into role-based checks, enforcement strategies, and centralized mechanisms. Examine real-world examples, including video game and digital shopping cart scenarios. Gain insights on implementing deny-by-default policies, server-side trusted data, and command patterns. Understand the importance of the OWASP Application Security Verification Standard (ASVS) in access control design.
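The shopping-cart scenario above, worked through as an added example written for this listing (it is not code from the RSA Conference webcast). It puts the legacy anti-pattern (hard-coded role check, no ownership check, fail open) beside a centralized, deny-by-default policy that resolves roles and ownership from server-side data rather than from the request. Every user, cart, role name and action below is constructed sample data.

```python
"""
Deny-by-default, centralized access control for a small shopping-cart API.
Added example for this listing, not code from the RSA Conference webcast.
All users, carts, roles and actions are constructed sample data.
"""
from dataclasses import dataclass
from enum import Enum, auto


class Action(Enum):
    VIEW_CART = auto()
    EDIT_CART = auto()
    REFUND_CART = auto()


@dataclass(frozen=True)
class User:
    user_id: str
    roles: frozenset


@dataclass
class Cart:
    cart_id: str
    owner_id: str
    items: tuple


# Server-side trusted data (constructed). Callers only supply identifiers;
# roles and ownership are looked up here, never taken from the request body.
USERS = {
    "alice": User("alice", frozenset({"customer"})),
    "bob": User("bob", frozenset({"customer"})),
    "carol": User("carol", frozenset({"support"})),
    "dave": User("dave", frozenset({"admin"})),
}
CARTS = {
    "cart-1": Cart("cart-1", "alice", ("book",)),
    "cart-2": Cart("cart-2", "bob", ("lamp", "cable")),
}


# Anti-pattern kept for contrast: hard-coded role check, no ownership check
# (horizontal access / IDOR), and "fail open" when a lookup throws.
def legacy_can_view(user_id, cart_id):
    try:
        user = USERS[user_id]
        CARTS[cart_id]
        return "customer" in user.roles or "admin" in user.roles
    except Exception:
        return True  # fail open: an unknown user or cart is treated as allowed


# Centralized policy: one table mapping (action, role) to a predicate over the
# caller and the target object. Anything not listed here is denied.
def _owner(user, cart):
    return cart.owner_id == user.user_id


def _any(user, cart):
    return True


POLICY = {
    Action.VIEW_CART: {"customer": _owner, "support": _any, "admin": _any},
    Action.EDIT_CART: {"customer": _owner},
    Action.REFUND_CART: {"admin": _any},
}


def is_allowed(user_id, action, cart_id):
    """Single enforcement point. Returns False unless an explicit rule grants."""
    try:
        user = USERS[user_id]
        cart = CARTS[cart_id]
        rules = POLICY[action]
        return any(rule(user, cart) for role, rule in rules.items() if role in user.roles)
    except Exception:
        return False  # fail closed: a lookup or rule error never grants access


class Forbidden(Exception):
    pass


def view_cart(user_id, cart_id):
    """Resource handler: enforce the decision before touching the object."""
    if not is_allowed(user_id, Action.VIEW_CART, cart_id):
        raise Forbidden(f"{user_id} may not view {cart_id}")
    return CARTS[cart_id].items
```

With this layout the ownership rule lives in the policy table rather than in each handler, so adding an EDIT_CART handler cannot forget the horizontal check, and an unknown action or user falls through to the deny branch instead of an allow.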

Syllabus

Introduction
Agenda
Antipatterns
Problem
Best Practices
Video Game Example
Role-Based Check
Enforcement Check
Can the User View
Oak Framework
Dotnet
Database schema
Centralized mechanism
Presentation Layer
Command Pattern
Deny by Default
Server-side Trusted Data
Digital Shopping Cart
Access Control Best Practices
Application Security Verification Standard
Final Notes
Wrap Up
Taught by

RSA Conference
