Access Control Design Best Practices
Offered By: RSA Conference via YouTube
Course Description
Overview
Explore critical access control anti-patterns and best practices in this 40-minute webcast from RSA Conference. Learn about hard-coded security policies, horizontal access control issues, direct object reference problems, and "fail open" mechanisms. Discover positive access control principles for robust web and API-based applications. Delve into role-based checks, enforcement strategies, and centralized mechanisms. Examine real-world examples, including video game and digital shopping cart scenarios. Gain insights on implementing deny-by-default policies, server-side trusted data, and command patterns. Understand the importance of the Application Security Verification Standard in access control design.
Syllabus
Introduction
Agenda
Antipatterns
Problem
Best Practices
Video Game Example
RoleBased Check
Enforcement Check
Can the User View
Oak Framework
Dotnet
Database schema
Centralized mechanism
Presentation Layer
Command Pattern
Deny by Default
Serverside Trusted Data
Digital Shopping Cart
Access Control Best Practices
Application Security Verification Standard
Final Notes
Wrap Up
Taught by
RSA Conference
Related Courses
Master Mathematical Cryptography 2020: Crack Any CodeUdemy Cryptography from Scratch| Master Cryptography in Java
Udemy Information Security in Python
Udemy Cryptography
Caleb Curry via YouTube Linux for Programmers - Public-Private Key Authentication (RSA) and FTP
Tech with Tim via YouTube