From the course: Programming Foundations: Secure Coding


Authorization and access control issues

- Providing authentication for an application is only half the battle. You also need to provide the rules around what that person can access. This is called authorization, and faulty authorization can lead to security defects that are often hard to track down. So let's start with the basics of what issues exist around authorization. Often, defects arise in this arena because we either have access control lists in place, but they aren't applied correctly, or they simply haven't been applied. In either case, a user could get access to resources or data that he or she shouldn't have access to. Consider the use case where your site has a user portion and an administrator portion. If you don't have solid access control lists, your users could access the admin section of your site. This obviously gives them more control than they should ever have access to. Now consider that in your admin site, you can see all the demographic…
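The two failure modes the lecture names, an ACL that is never applied to a route and an ACL that is applied incorrectly, are easiest to see side by side. The following is an added example written for this page, not code from the course; the `User` class, the route prefixes in `ACL`, and the two check functions are hypothetical. The permissive check grants any route the ACL does not list and matches the raw path, so a forgotten route or a `..` segment slips past it; the deny-by-default check refuses unlisted routes and normalizes the path before looking it up.

```python
"""Added example (not from the course): a route-level access control list
applied two ways, allow-by-default versus deny-by-default.
All names, roles and routes here are constructed for illustration."""
import posixpath
from dataclasses import dataclass, field


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset = field(default_factory=frozenset)


# Constructed ACL: route prefix -> roles permitted to reach it.
# Anything not listed has, by design, no entry.
ACL = {
    "/admin/": {"admin"},
    "/account/": {"user", "admin"},
}


def _required_roles(path):
    """Return the role set for the longest matching ACL prefix, or None
    when no entry covers the path. Works on whatever path it is given;
    normalization is the caller's job."""
    matches = [p for p in ACL if path == p.rstrip("/") or path.startswith(p)]
    if not matches:
        return None
    return ACL[max(matches, key=len)]


def is_allowed_permissive(user, path):
    """The defective pattern ('ACL not applied'): a route nobody added
    to the ACL falls through and is granted, and the raw request path is
    matched, so '/account/../admin/x' is judged by the '/account/' rule."""
    roles = _required_roles(path)
    if roles is None:
        return True  # unlisted route is allowed: this is the bug
    return bool(user.roles & roles)


def is_allowed(user, path):
    """Deny by default: normalize the path first, refuse any route the ACL
    does not cover, and grant only on an actual role intersection."""
    normalized = posixpath.normpath(path)
    roles = _required_roles(normalized)
    if roles is None:
        return False  # unlisted route is refused until someone adds a rule
    return bool(user.roles & roles)


if __name__ == "__main__":
    alice = User("alice", frozenset({"user"}))
    root = User("root", frozenset({"admin"}))
    probes = ["/admin/reports", "/admin-reports/export", "/account/../admin/reports"]
    for check in (is_allowed_permissive, is_allowed):
        for who in (alice, root):
            for path in probes:
                print(f"{check.__name__:22} {who.name:6} {path:28} {check(who, path)}")
```

Running the block prints the decision matrix: the permissive check lets `alice` reach the unlisted `/admin-reports/export` and the traversal path `/account/../admin/reports`, while the deny-by-default check refuses both and still admits `root` to `/admin/reports`.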
