LinkedIn and 3rd parties use essential and non-essential cookies to provide, secure, analyze and improve our Services, and to show you relevant ads (including professional and job ads) on and off LinkedIn. Learn more in our Cookie Policy.

Select Accept to consent or Reject to decline non-essential cookies for this use. You can update your choices at any time in your settings.

Start free trial Sign in

From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep

Unlock the full course today

Join today to access over 24,700 courses taught by industry experts.

Authorization

Authorization

From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep

Start my 1-month free trial Buy for my team

Authorization

“

- [Instructor] Strong authentication controls can go a long way toward keeping the wrong people from gaining access to sensitive data within your apps, but how can you distinguish between who should have access to certain data and who shouldn't? This is where authorization controls come into the equation. Authorization controls focus on granting users the appropriate level of access to specific resources within your app. If your users can really prove they are who they say they are, then proper authorization controls will enable those users to do what they came to do after they log in. Broken authorization controls can prevent users from being able to use the app which represents an availability risk. The bigger risk though is when someone bypasses broken authorization controls and gains access to something they shouldn't be able to access. This represents a risk to both the confidentiality and the integrity of the data. You're likely to hear the term access controls used when…

Contents