Test Role Definitions (OTG-IDENT-001)
From OWASP
Revision as of 14:30, 28 July 2013
Summary
It is common amongst modern enterprises to define system roles to manage users and authorization to system resources.
Test objectives
Validate that the system roles defined within the application sufficiently define and separate each system and business role.
How to test
Example
Tools
References
Role Engineering for Enterprise Security Management, E Coyne & J Davis, 2007
Role engineering and RBAC standards
Remediation
Role Engineering
Mapping of business roles to system roles
Separation of Duties
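As an added example (not code from the OWASP guide), the checks below apply the test objective and the separation-of-duties remediation above to a constructed role-to-permission matrix and constructed user assignments: they flag roles whose own definition combines conflicting permissions, users whose combined role assignments do so even though each role is clean, and roles that are strict subsets of another role and so are not genuinely distinct.

```python
# Added example, not code from the OWASP guide. ROLES, SOD_CONSTRAINTS and USERS
# are constructed sample data standing in for an application's role model.
ROLES = {  # role -> permissions it grants
    "clerk":    {"invoice:create", "invoice:view"},
    "approver": {"invoice:view", "invoice:approve"},
    "auditor":  {"invoice:view", "audit:read"},
    "manager":  {"invoice:create", "invoice:view", "invoice:approve"},
    "viewer":   {"invoice:view"},
}
# SoD rule: creating and approving an invoice must never rest with one principal.
SOD_CONSTRAINTS = [("invoice:create", "invoice:approve")]
USERS = {"alice": {"clerk"}, "bob": {"clerk", "approver"}, "carol": {"auditor"}}


def effective_permissions(assigned_roles, roles=ROLES):
    """Union of the permissions granted by every role a user holds."""
    return set().union(*(roles[r] for r in assigned_roles))


def sod_violations(perms, constraints=SOD_CONSTRAINTS):
    """Constraints whose two permissions are both present in `perms`."""
    return [(a, b) for a, b in constraints if a in perms and b in perms]


def _violators(named_perms, constraints):
    """Map each name to its SoD violations, keeping only names that have any."""
    found = {}
    for name, perms in named_perms.items():
        hits = sod_violations(perms, constraints)
        if hits:
            found[name] = hits
    return found


def role_sod_violations(roles=ROLES, constraints=SOD_CONSTRAINTS):
    """Roles whose definition alone already combines conflicting permissions."""
    return _violators(roles, constraints)


def user_sod_violations(users=USERS, roles=ROLES, constraints=SOD_CONSTRAINTS):
    """Users whose combined assignments conflict, even when each role is clean."""
    effective = {u: effective_permissions(rs, roles) for u, rs in users.items()}
    return _violators(effective, constraints)


def redundant_roles(roles=ROLES):
    """(narrow, wide) pairs where one role's permissions are a strict subset of
    another's: the roles are not distinct, or the wide one is over-broad."""
    return sorted((n, w) for n in roles for w in roles if n != w and roles[n] < roles[w])
```

With the constructed data, "manager" fails at the role level, "bob" fails at the assignment level, and "viewer" collapses into every other role.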