Access Control & Authorization

Proving the identity of a user isn’t the end of an application’s responsibilities: you must also verify that the user is allowed to perform the actions they’re attempting. Conflating authentication (the act of identifying users) with authorization (the act of verifying their level of access within the system) is one of the most common ways applications have been breached in the recent past. Don’t fall victim to simple oversights; keep your application – and your users – safe.

By the end of this session, you will have learned:

  • The differences between the various access control systems that are available:
    Role-based
    Attribute-based
    Rule-based
    Risk-based
    … and more
  • How to integrate your PHP application with an access control system
  • How to gauge where authorization is necessary and where it potentially fails