Overview
Explore the critical issue of Broken Access Control in this 45-minute conference talk from the OWASP Foundation. Delve into why it tops the OWASP Top 10 list and learn about the challenges of implementing effective access control in cloud-native applications. Examine successful fine-grained access control systems used by major tech companies and understand why 94% of applications still struggle with broken access vulnerabilities. Compare role-based access control (RBAC) with more advanced approaches like attribute-based access control (ABAC) and relationship-based access control (ReBAC). Discover the emerging ecosystems of policy-as-code and policy-as-data, focusing on Open Policy Agent (OPA) and Google's Zanzibar. Gain insights into cloud-native authorization principles and patterns, and learn about open-source projects for implementing fine-grained access controls in your applications and APIs.
Syllabus
Fixing Broken Access Control
Taught by
OWASP Foundation