This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP AppSec DC 2012/Access Control Designs and Pitfalls

From OWASP
Jump to: navigation, search

AppSecDC-468x60-banner-2012.jpg

Registration Now OPEN! | Hotel | Schedule | Convention Center | AppSecDC.org

The Presentation

Access Control is a necessary security control at almost every layer within a web application. This talk will discuss several of the key access control anti-patterns commonly found during website security audits. These access control anti-patterns include hard-coded security policies, lack of horizontal access control, and "fail open" access control mechanisms. In reviewing these and other access control anti-patters (problems), we will discuss and design a positive access control mechanism that is data contextual, activity based, configurable, flexible, and deny-by-default - among other positive design attributes that make up a robust web-based access-control mechanism.

The Speakers

Jim Manico

Jim Manico is the VP of Security Architecture for WhiteHat Security. Jim is part of the WhiteHat Static Analysis Software Testing (SAST) team, leading the data-driven, Web service portion of the SAST service. He also provides secure coding and developer awareness training for WhiteHat using his 7+ years of experience delivering developer-training courses for SANS, Aspect Security and others.

Jim brings 15 years of database-driven Web software development and analysis experience to WhiteHat. He has helped deliver Web-centric software systems for Sun Microsystem, Fox Media (MySpace), several Fortune 500's, and major NGO financial institutions. He holds expertise in a variety of areas, includingWeb-based J2EE development, thick-client and applet-based Java applications, hybrid Java, C++ and Flash applications, Web-based PHP applications, rich-media Web applications using advanced Ajax techniques, Python REST Webservice development, and Database technology using Oracle, MySQL and Postgres.

A host of the OWASP Podcast Series, Jim is the committee chair of the OWASP Connections Committee and is a significant contributor to various OWASP projects.

Jim works on the beautiful island of Kauai, Hawaii where he lives with his wife Tracey.


Gold Sponsors

Aspect logo owasp.jpg AppSecDC2009-Sponsor-securicon.gif AppSecDC2009-Sponsor-mandiant.gif AppSecDC2012-ISC2.gif

Silver Sponsors

SPL-LOGO-MED.png

Small Business

AppSecDC2012-Sponsor-sideas.gif BayShoreNetworks.png

Exhibitors

link=http://www.codenomicon.com/ Codenomicon WhiteHat Logo.png AppSecDC2012-HP.jpg WSI - Logo.jpg