From the course: CSSLP Cert Prep: 1 Secure Software Concepts

Complete mediation

- [Instructor] As soon as we started putting sensitive information in web apps, we started restricting access to those apps. Whether it was by running those apps in locked rooms on segmented networks, or by restricting logins with usernames, passwords, and secret tokens, we've gone to great lengths to make sure that the person who logged in was authorized to access that data. Unfortunately, a one-and-done authorization check isn't enough to get the job done. We could and should perform additional authorization checks after a user has already logged in. As a matter of fact, we should check whether or not they're authorized to perform an action each and every time they try to do something within the app. We call this concept complete mediation. Some years back, I was hired to test the security of a web application that allowed users to self-register. I created my own account, and then stood up a web application proxy to…
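The point in the transcript, shown in code as an added example that is not part of the course material: a toy in-memory app with a handler that only checks that someone is logged in (so replaying a valid session token against other document IDs through a proxy returns other users' data) beside a handler that re-derives the user and checks authorization on every request for the specific object. All users, documents, helper names and the `probe` function are constructed for the illustration.

```python
"""Complete mediation: authorize each request, not just the login.

Added example, not from the course. All data below is constructed.
"""
from dataclasses import dataclass, field
import secrets
import time


@dataclass
class Document:
    doc_id: int
    owner: str
    body: str
    shared_with: set = field(default_factory=set)


@dataclass
class Session:
    user: str
    expires_at: float


class Unauthenticated(Exception):
    pass


class Forbidden(Exception):
    pass


# Constructed sample users and documents (toy plaintext passwords; a real
# app stores password hashes).
USERS = {"alice": "correct horse", "bob": "battery staple"}
DOCUMENTS = {
    101: Document(101, "alice", "alice's tax return"),
    102: Document(102, "bob", "bob's grocery list"),
    103: Document(103, "alice", "shared plan", shared_with={"bob"}),
}
SESSIONS: dict = {}


def login(username: str, password: str, ttl: float = 3600) -> str:
    """The one-time check: verify credentials and issue a session token."""
    if USERS.get(username) != password:
        raise Unauthenticated("bad credentials")
    token = secrets.token_urlsafe(16)
    SESSIONS[token] = Session(username, time.time() + ttl)
    return token


def logout(token: str) -> None:
    SESSIONS.pop(token, None)


def current_user(token: str) -> str:
    """Authentication is re-checked on every call: expired or revoked
    sessions fail here, not only at the original login."""
    session = SESSIONS.get(token)
    if session is None or session.expires_at < time.time():
        SESSIONS.pop(token, None)
        raise Unauthenticated("no valid session")
    return session.user


def get_document_login_only(token: str, doc_id: int) -> str:
    """Vulnerable handler: confirms *somebody* is logged in, then serves
    whatever doc_id the request names. Swapping the ID in a proxy reads
    another user's document."""
    current_user(token)
    return DOCUMENTS[doc_id].body


def may_read(user: str, doc: Document) -> bool:
    return user == doc.owner or user in doc.shared_with


def get_document(token: str, doc_id: int) -> str:
    """Mediated handler: every request re-derives the caller and checks
    that this caller may read this particular object."""
    user = current_user(token)
    doc = DOCUMENTS.get(doc_id)
    # Same outcome for missing and forbidden, so the response does not
    # reveal which IDs exist.
    if doc is None or not may_read(user, doc):
        raise Forbidden(f"user {user!r} may not read document {doc_id}")
    return doc.body


def probe(handler, token: str, doc_ids) -> list:
    """Replay one session token against a range of IDs, as a tester with
    an intercepting proxy would, and return the IDs that came back."""
    leaked = []
    for doc_id in doc_ids:
        try:
            handler(token, doc_id)
            leaked.append(doc_id)
        except (Unauthenticated, Forbidden, KeyError):
            pass
    return leaked


if __name__ == "__main__":
    bob = login("bob", "battery staple")
    print("login-only handler leaks:", probe(get_document_login_only, bob, range(100, 105)))
    print("mediated handler allows:", probe(get_document, bob, range(100, 105)))
```

The difference between the two handlers is not the login step, which both share, but that `get_document` asks "may this user read this object?" on every call; `current_user` likewise re-validates the session each time, so a logout or expiry takes effect immediately rather than on the next login.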
