Description: Many (most?) of the familiar security problems of the Web can be understood as instances of broken access control once one adopts a generalized view of access control that leaves behind the user-centric approaches of the 1970s and 1980s. We will propose a framework for discussing access control in the Web with a particular focus on the web of entities owning sensitive resources, defining policies, and enforcing policies, and on the questions of trust arising in this context. That is, why should an entity receiving a policy trust that this policy is in its own interest and/or in the interest of the owner of the resource the policy refers to?
For more information, please visit: https://appsec.eu/
Tags: securitytube, hacking, hackers, information security, convention, computer security, OWASP-AppsecEU13
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.