Explore the critical issue of Broken Access Control in this 45-minute conference talk from the OWASP Foundation. Delve into why it tops the OWASP Top 10 list and learn about the challenges of implementing effective access control in cloud-native applications. Examine successful fine-grained access control systems used by major tech companies and understand why 94% of applications still struggle with broken access vulnerabilities. Compare role-based access control (RBAC) with more advanced approaches like attribute-based access control (ABAC) and relationship-based access control (ReBAC). Discover the emerging ecosystems of policy-as-code and policy-as-data, focusing on Open Policy Agent (OPA) and Google's Zanzibar. Gain insights into cloud-native authorization principles and patterns, and learn about open-source projects for implementing fine-grained access controls in your applications and APIs.
Fixing Broken Access Control - Cloud-Native Authorization Principles and Patterns
Overview
Syllabus
Fixing Broken Access Control
Taught by
OWASP Foundation
Related Courses
-
OWASP Top 10: Broken Access Control
-
OWASP Top 10 - A01:2021 - Broken Access Control
-
OWASP Top 10 - Welcome and Risks 1-5
-
Modernizing Authorization for Cloud Native Applications Using OpenFGA
-
Web Defense Fundamentals
-
Building Modern Access-Control for Cloud Applications with Or Weis - SnykLIVE Recording
