This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Difference between revisions of "Access control"

Jump to: navigation, search
(Redirected page to Authorization)
Line 1: Line 1:
#REDIRECT [[Authorization]]
#REDIRECT [[Authorization]]
Check [[Broken Access Control]] for contents.
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
A control (countermeasure or security control) is a protection mechanism that prevents, deters, or detects attacks, or prevents or reduces vulnerabilities.
# Start with a one-sentence description of the control
# How does the countermeasure work?
# What are some examples of implementations of the control (steer clear of specific products)
==Risk Factors==
* Talk about the [[OWASP Risk Rating Methodology|factors]] that this control affects
* What effect does this countermeasure have on the attack or vulnerability?
* Does this control reduce the technical or business impact?
==Difficulty to Implement==
* Discuss the typical difficulty of implementing this control, emphasizing the factors that make it easier or harder
* Steer clear of language/platform specific information here
===Short example name===
: A short example description, small picture, or sample code with [ links]
===Short example name===
: A short example description, small picture, or sample code with [ links]
==Related [[Attacks]]==
* [[Attack 1]]
* [[Attack 2]]
==Related [[Vulnerabilities]]==
* [[Vulnerability 1]]
* [[Vulnerabiltiy 2]]
Note: the contents of "Related Problems" sections should be placed here
==Related [[Controls]]==
* [[Control 1]]
* [[Control 2]]
Note: contents of "Avoidance and Mitigation" and "Countermeasure" related Sections should be placed here
* [ Title for the link2]
In addition, one should classify control based on the following subcategories: Ex:<nowiki>[[Category:Error Handling Control]]</nowiki>
Availability Control
Authorization Control
Authentication Control
Concurrency Control
Configuration Control
Cryptographic Control
Encoding Control
Error Handling Control
Input Validation Control
Logging and Auditing Control
Session Management Control

Latest revision as of 22:13, 26 February 2016

Redirect to: