Web Application Security Design Inspection Questions - Authorization

From Guidance Share

Revision as of 22:46, 25 November 2006; Admin (Talk | contribs)

- J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan



Authorization Vulnerabilities

Examine how your application authorizes its end users, how the application itself is authorized inside the database (that is, which privileges its database account holds), and how access to system-level resources such as files and other operating system objects is controlled. Weak or missing authorization checks lead to information disclosure, data tampering, and elevation of privilege. Defense in depth is the key principle to apply to your authorization strategy: do not rely on a single check, but enforce access at each layer (the application, the database account, and the operating system) so that a flaw or bypass in one layer is contained by the next.

Review the following questions to help validate the authorization strategy of your application design:

  • How do you authorize end users?
  • How do you authorize the application in the database?
  • How do you restrict access to system-level resources?
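The following is an added example, not code from the original page or its authors, showing what a defense-in-depth answer to the first two questions looks like in code. It assumes a constructed in-memory SQLite table of orders, two hypothetical roles ("customer" and "support") and a hypothetical action vocabulary ("order:read", "order:read_any"). Layer 1 is an application-level check that denies by default and verifies role and ownership; layer 2 scopes the data-access query to the caller, so a skipped or buggy layer 1 still cannot return another user's rows. The privileges of the application's real database account (the second question) would be set with the database's own GRANT statements and are not shown here; the scoped query stands in for that second, independent layer.

```python
"""Two independent authorization layers over the same data store.

Layer 1: authorize() denies by default and checks role plus ownership.
Layer 2: fetch_order_scoped() limits the SQL query itself to rows the
caller may see, so layer 1 is not a single point of failure.

All roles, actions, table columns and sample rows are constructed for
this example and are not taken from the original page.
"""
import sqlite3
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    user_id: int
    role: str  # constructed roles: "customer" or "support"


# Role -> permitted actions. Any role or action not listed is denied.
ROLE_PERMISSIONS = {
    "customer": {"order:read"},
    "support": {"order:read", "order:read_any"},
}


class AuthorizationError(PermissionError):
    """Raised when the caller may not perform the requested action."""


def authorize(user: User, action: str, owner_id: int) -> bool:
    """Layer 1: deny by default. Allow only if the role permits the action
    and the caller owns the resource or holds the '<action>_any' variant."""
    permitted = ROLE_PERMISSIONS.get(user.role, set())
    if action not in permitted:
        return False
    if owner_id == user.user_id:
        return True
    return f"{action}_any" in permitted


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the real orders store."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE orders (id INTEGER PRIMARY KEY, owner INTEGER NOT NULL, "
        "total REAL NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [(1, 100, 19.99), (2, 100, 5.0), (3, 200, 250.0)],
    )
    conn.commit()
    return conn


def fetch_order_unscoped(conn: sqlite3.Connection, order_id: int):
    """Weak pattern: trusts that someone upstream already authorized the call.
    If that check is skipped or wrong, every row in the table is exposed."""
    return conn.execute(
        "SELECT id, owner, total FROM orders WHERE id = ?", (order_id,)
    ).fetchone()


def fetch_order_scoped(conn: sqlite3.Connection, user: User, order_id: int):
    """Layer 2: the query is restricted to what the caller may see, independent
    of any earlier check. Roles holding order:read_any see all rows; everyone
    else only rows where owner matches the authenticated user id."""
    if "order:read_any" in ROLE_PERMISSIONS.get(user.role, set()):
        sql, params = "SELECT id, owner, total FROM orders WHERE id = ?", (order_id,)
    else:
        sql = "SELECT id, owner, total FROM orders WHERE id = ? AND owner = ?"
        params = (order_id, user.user_id)
    return conn.execute(sql, params).fetchone()


def lookup_owner(conn: sqlite3.Connection, order_id: int):
    """Metadata lookup used only to feed the ownership check; never returned."""
    row = conn.execute("SELECT owner FROM orders WHERE id = ?", (order_id,)).fetchone()
    return None if row is None else row[0]


def get_order(conn: sqlite3.Connection, user: User, order_id: int):
    """Full path: layer 1 (authorize) then layer 2 (scoped query).
    A missing order and a forbidden order raise the same error so the
    endpoint does not act as an existence oracle for other users' records."""
    owner = lookup_owner(conn, order_id)
    if owner is None or not authorize(user, "order:read", owner):
        raise AuthorizationError(f"user {user.user_id} may not read order {order_id}")
    return fetch_order_scoped(conn, user, order_id)


def can_read(conn: sqlite3.Connection, user: User, order_id: int) -> bool:
    """Convenience wrapper returning the authorization outcome as a bool."""
    try:
        get_order(conn, user, order_id)
        return True
    except AuthorizationError:
        return False


if __name__ == "__main__":
    db = make_db()
    customer, other, agent = User(100, "customer"), User(200, "customer"), User(999, "support")
    print("owner reads own order:      ", get_order(db, customer, 1))
    print("other customer, full path:  ", can_read(db, other, 1))
    print("other customer, layer 2 only:", fetch_order_scoped(db, other, 1))
    print("unscoped query (no defense): ", fetch_order_unscoped(db, 1))
    print("support reads any order:    ", get_order(db, agent, 3))
```

The interesting case is the third print: even when layer 1 is bypassed entirely and the scoped query is called directly by another customer, it returns nothing, which is what "defense in depth" buys you here. Compare the unscoped query, which happily returns the row.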


How do you authorize end users?

How do you authorize the application in the database?

How do you restrict access to system-level resources?
