The non-stop drum beat of data breaches and non-stop security issues show that a new approach to security is required writ large. Application security can be improved through fine-grained, dynamic access control. However not all application security issues are best solved with classic access control schemes. Attackers are intelligent and adaptable. For them, the access control scheme is the beginning of the game not the end. Determined attackers seek out access control models and then find holes that they can leverage.
Security is a business with a very long list of issues and requirements. The spreadsheets are miles long. This makes it essential to find reusable solution patterns that can address multiple problems.
- Clear code exampled to achieve concrete improvement on many of the most critical issues in the OWASP Top Ten list of high priority vulnerabilities
- Sample code, a guide to build and run the examples