[Owasp-france] The biggest problem in Application Security today

Ludovic Petit ludovic.petit at owasp.org
Wed Mar 14 12:38:13 UTC 2012


An interesting article, page 27, by Jeremiah Grossman, CTO of WhiteHat
Security (www.whitehatsec.com).

http://www.net-security.org/dl/insecure/INSECURE-Mag-RSA2012.pdf



I also remind you that Jim Manico, VP of Security Architecture
at WhiteHat Security, will be our guest at the next OWASP Meeting on
Wednesday, March 28, 2012 at 18:00 in Paris.

Registration (recommended so that we can manage seating):
http://201203owaspfr.eventbrite.com/

Groupe Y Audit

69 Rue de la Boëtie

75008 Paris

(Metro: ‘Saint-Philippe du Roule’)

Title of the presentation (in English): *Web Application Access Control
Design Excellence*

*Abstract*: Access Control is a necessary security control at almost every
layer within a web application. This talk will discuss several of the key
access control anti-patterns commonly found during website security audits.
These access control anti-patterns include hard-coded security policies,
lack of horizontal access control, and "fail open" access control
mechanisms. In reviewing these and other access control problems, we will
discuss and design a positive access control mechanism that is data
contextual, activity based, configurable, flexible, and deny-by-default -
among other positive design attributes that make up a robust web-based
access-control mechanism.

Speaker: Jim Manico

Jim Manico is the VP of Security Architecture at WhiteHat Security. Jim has
been a web application developer since 1997. He has also been an active
member of OWASP since 2008 supporting projects that help developers write
secure code.


Have a nice day
-- 

Ludovic Petit

Chapter Leader OWASP France

OWASP Global Connections Committee


Mobile: +33 (0) 611 726 164

E-mail: ludovic.petit at owasp.org

LinkedIn: http://www.linkedin.com/in/lpetit

-------

Homepage: https://www.owasp.org/index.php/France

Mailing list: https://lists.owasp.org/mailman/listinfo/owasp-france