OWASP Göteborg: Jim Manico
Thursday, March 22, 2012 from 6:00 PM to 9:00 PM (CET)
Jim Manico is a profile in the OWASP community, working with the OWASP podcasts and ESAPI amongst other things. During March he is doing a Nordic tour and will be visiting the chapters in Finland, Sweden, Norway and Denmark and we have the pleasure of welcoming him to Gothenburg on March 22.
Chalmers University of Technology is sponsoring the venue and will also provide some light snacks, coffee beer as well as non-alcoholic drinks. Jim's visit is made possible thanks to F5.
Please note that the event will be held in English.
Abstract: Web Application Access Control Design Excellence
Access Control is a necessary security control at almost every layer within a web application. This talk will discuss several of the key access control anti-patterns commonly found during website security audits. These access control anti-patterns include hard-coded security policies, lack of horizontal access control, and "fail open" access control mechanisms.
In reviewing these and other access control problems, we will discuss and design a positive access control mechanism that is data contextual, activity based, configurable, flexible, and deny-by-default - among other positive design attributes that make up a robust web-based access-control mechanism.
When & Where
Det lokala chaptret i Göteborg inom Open Web Application Security Project (OWASP)
Att bli medlem är enkelt och gratis - du behöver du bara gå med i mailinglistan.