From the course: Cybersecurity Foundations: Application Security
Improper authorization
- [Instructor] When developing the access control mechanisms for an application, after you confirm that a user is indeed who they say they are, also known as authentication, you then need to assign them rights and roles on the system. This is known as authorization. Basic system rights include administrator, which typically has full access to the system; user, which can perform general functions; and reader, with read-only access to the system. More complex systems have more complex rights and roles, depending on the organizational context. Authorization should be assigned in line with the information security principle of least privilege, which is to assign a user the least amount of permissions needed for them to execute their work. Improper authorization occurs when a logged-in user is able to perform functions beyond the rights that have been assigned to them. Not to be confused with improper authentication,…
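The following is an added example, not code from the course, showing the three roles the lecture names (administrator, user, reader) mapped to least-privilege permission sets, beside a handler that exhibits improper authorization (it checks only that the caller is logged in) and a hardened handler that enforces the caller's rights. The permission names, the `Session` type, the document store and the handler functions are assumptions made for illustration.

```python
"""Role-based authorization with least privilege.

Added example, not code from the course. The three roles (administrator,
user, reader) follow the lecture; the permission names, the document store
and the handler functions are assumptions made for illustration.
"""
from dataclasses import dataclass


class AuthorizationError(PermissionError):
    """Raised when an authenticated principal lacks the required permission."""


# Least privilege: each role carries only the permissions its work needs.
ROLE_PERMISSIONS = {
    "reader": frozenset({"document:read"}),
    "user": frozenset({"document:read", "document:write"}),
    "administrator": frozenset(
        {"document:read", "document:write", "document:delete", "user:manage"}
    ),
}


@dataclass(frozen=True)
class Session:
    """Result of successful authentication. The role must be loaded from the
    server-side user record, never taken from request parameters or cookies
    the client controls (assumed model for this example)."""
    username: str
    role: str


def has_permission(session: Session, permission: str) -> bool:
    """Deny by default: an unknown role has no permissions."""
    return permission in ROLE_PERMISSIONS.get(session.role, frozenset())


def require(session: Session, permission: str) -> None:
    """Authorization check to be called by every privileged handler."""
    if not has_permission(session, permission):
        raise AuthorizationError(
            f"{session.username} ({session.role}) lacks {permission}"
        )


def make_documents() -> dict:
    """Constructed sample data for the demo."""
    return {"doc-1": "quarterly report", "doc-2": "meeting notes"}


# Improper authorization: the handler confirms the caller is logged in
# (authentication) but never checks the caller's rights (authorization),
# so a reader can delete documents.
def delete_document_vulnerable(session: Session, doc_id: str, documents: dict) -> str:
    if session is None:
        raise AuthorizationError("login required")
    return documents.pop(doc_id)


# Hardened handler: the permission is enforced server-side on every call.
def delete_document(session: Session, doc_id: str, documents: dict) -> str:
    require(session, "document:delete")
    return documents.pop(doc_id)


def demo() -> dict:
    """Run both handlers as a read-only user and report what each allowed."""
    reader = Session("alice", "reader")
    results = {}

    docs = make_documents()
    delete_document_vulnerable(reader, "doc-1", docs)
    results["vulnerable_deleted"] = "doc-1" not in docs  # reader deleted it

    docs = make_documents()
    try:
        delete_document(reader, "doc-1", docs)
        results["hardened_deleted"] = True
    except AuthorizationError:
        results["hardened_deleted"] = False  # denied, document still present
    return results


if __name__ == "__main__":
    print(demo())
```

The check a practitioner should carry away: the vulnerable handler's `session is None` test is an authentication check, not an authorization check, and the fix is to gate every privileged action on the permission table rather than on "is logged in".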