Basics of Web Application Security: Authorize Actions

input validation
positive validation
whitelisting
negative validation
blacklisting
output encoding
parameter binding
Don’t ever do this
hash
salt
key derivation functions
key stretching
work factor
Authentication confirms that a user is who they claim to be
Authorization defines whether a user is allowed to do something
Session management makes it possible to relate requests made by a particular user
find an existing, mature framework
use an existing, mature framework
session fixation
principal
actor
authorization
not
only
Policy
action
resource
role-based access control (RBAC)
roles
permissions
attribute-based access control (ABAC)
external DSL