[Owasp-france] OWASP Paris meeting on 28 March 2012 at 18:00

Sebastien Gioria sebastien.gioria at owasp.org
Thu Mar 8 13:39:34 UTC 2012


Hello,



The first-quarter meeting will take place on 28/03 starting at 18:00,
with doors opening at 17:30.
Title of the presentation (in English): Web Application Access Control
Design Excellence.

Abstract: Access Control is a necessary security control at almost
every layer within a web application. This talk will discuss several
of the key access control anti-patterns commonly found during website
security audits. These access control anti-patterns include hard-coded
security policies, lack of horizontal access control, and "fail open"
access control mechanisms. In reviewing these and other access control
problems, we will discuss and design a positive access control
mechanism that is data contextual, activity based, configurable,
flexible, and deny-by-default - among other positive design attributes
that make up a robust web-based access-control mechanism.
Speaker: Jim Manico
Jim Manico is the VP of Security Architecture at WhiteHat Security.
Jim has been a web application developer since 1997. He has also been
an active member of OWASP since 2008 supporting projects that help
developers write secure code.

Venue:

Groupe Y Audit
69 Rue de la Boëtie
75008 Paris
France

Wednesday, March 28, 2012 from 5:30 PM to 7:30 PM (GMT+0100)



Registration (not mandatory, but it helps with managing space):
http://201203owaspfr.eventbrite.com/

Please note that the number of places is limited if you want to be
seated on a chair... (if more people than expected turn up, we will
see how we manage the space ;)

S.

---
Sebastien GIORIA  - sebastien.gioria at owasp.org
French OWASP Co-Leader
OWASP Global Education Committee Member
GSM: +33 (0)6 23 04 00 51

