Access Control Design Best Practices
Offered By: RSA Conference via YouTube
Course Description
Overview
Explore critical access control anti-patterns and best practices in this 40-minute webcast from RSA Conference. Learn about hard-coded security policies, horizontal access control issues, direct object reference problems, and "fail open" mechanisms. Discover positive access control principles for robust web and API-based applications. Delve into role-based checks, enforcement strategies, and centralized mechanisms. Examine real-world examples, including video game and digital shopping cart scenarios. Gain insights on implementing deny-by-default policies, server-side trusted data, and command patterns. Understand the importance of the Application Security Verification Standard in access control design.
Syllabus
Introduction
Agenda
Antipatterns
Problem
Best Practices
Video Game Example
RoleBased Check
Enforcement Check
Can the User View
Oak Framework
Dotnet
Database schema
Centralized mechanism
Presentation Layer
Command Pattern
Deny by Default
Serverside Trusted Data
Digital Shopping Cart
Access Control Best Practices
Application Security Verification Standard
Final Notes
Wrap Up
Taught by
RSA Conference
Related Courses
Software Engineering for SaaSUniversity of California, Berkeley via Coursera MongoDB for Developers
MongoDB University Android: introducción a la programación
Universitat Politècnica de València via UPV [X] Extending SAP Products with SAP HANA Cloud Platform
SAP Learning Two Speed IT: How Companies Can Surf the Digital Wave, a BCG Perspective
École Centrale Paris via Coursera