[Owasp-france] OWASP Meeting 28 March 2012

Sebastien Gioria sebastien.gioria at owasp.org
Thu Mar 8 11:58:50 UTC 2012


Hello,



The first-quarter meeting will take place on 28/03 starting at 18:00, with doors opening at 17:30.
Presentation title (in English): Web Application Access Control Design Excellence.

Abstract: Access Control is a necessary security control at almost every layer within a web application. This talk will discuss several of the key access control anti-patterns commonly found during website security audits. These access control anti-patterns include hard-coded security policies, lack of horizontal access control, and "fail open" access control mechanisms. In reviewing these and other access control problems, we will discuss and design a positive access control mechanism that is data contextual, activity based, configurable, flexible, and deny-by-default - among other positive design attributes that make up a robust web-based access-control mechanism.
Speaker : Jim Manico 
Jim Manico is the VP of Security Architecture at WhiteHat Security. Jim has been a web application developer since 1997. He has also been an active member of OWASP since 2008 supporting projects that help developers write secure code.

Venue:
Groupe Y Audit
69 Rue de la Boëtie 
75008 Paris
France 
Wednesday, March 28, 2012 from 5:30 PM to 7:30 PM (GMT+0100)


Registration (not mandatory, but better for managing the space): http://201203owaspfr.eventbrite.com/

Note: the number of places is limited if you want to be seated on a chair... (if more people than expected turn up, we'll see how we manage the space ;)

S.

---
Sebastien GIORIA  - sebastien.gioria at owasp.org
French OWASP Co-Leader
OWASP Global Education Committee Member
GSM: +33 (0)6 23 04 00 51
