10 Authorization vulnerabilities

In this chapter

  • How authorization is part of the domain logic of your application
  • How to document authorization rules
  • How to organize your URLs to keep authorization transparent
  • How to check authorization at the code level
  • How to catch common flaws in authorization

A typical quick-start guide for a web application covers a bunch of familiar topics: how to initialize the application, how to route URLs to particular classes or functions, how to read HTTP requests, how to write HTTP responses, how to render templates, how to use sessions, and often how to plug in an authentication system. The counterpart of authentication (identifying users when they interact with your application) is authorization (ensuring that ...
