Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-authorization
A curated list of information and resources about authorization.
https://github.com/warrant-dev/awesome-authorization
Last synced: 6 days ago
Security Concerns
- Why Broken Access Control is the Most Severe Vulnerability - Overview of broken access control exploits including IDOR as well as best practices.
- OWASP API Security Top 10 2019 - List of the top 10 security risks for APIs.
- OWASP Top 10 for 2021 - List of the top 10 web application security risks. Broken access control is [#1](https://owasp.org/Top10/A01_2021-Broken_Access_Control/) on the list.
- IDOR & How to Protect Against It
- The Rise of IDOR
- What is IDOR?
- Broken Object Level Authorization
- Identity Thieves Bypassed Experian Security to View Credit Reports
- Building a Modern Zero Trust Strategy - Overview of 'zero trust' security by [Newstack](https://thenewstack.io/). (Need to enter email to download e-book)
- Retrospective on Coinbase Trading IDOR Vuln - Retrospective by the Coinbase team detailing remediation of an IDOR/validation bug found via bug bounty.
- Millions of people's data stolen because web devs forget to check access perms - CISA, NSA and the Australian Cyber Security Centre alert on the prevalence and danger of IDOR attacks.
- Broken Function Level Authorization - An API that incorrectly relies on the client to request the correct access level, leaving it susceptible to attackers.
Authz In Practice
- Securing Apache Airflow UI With DAG Level Access - How Lyft set up fine-grained (DAG-level) access control on top of Apache Airflow.
- How We Built a Custom Permissions DSL at Figma - Summary of how Figma built a custom permissions DSL for their product.
- GitHub Secret Scanning - How GitHub scans repos to search for exposed secrets.
- Open Policy Agent - A policy-based framework for authorization and access control.
- Stripe API Docs - Stripe's approach to issuing and managing API keys securely.
- XACML - Standard that defines the "Extensible Access Control Markup Language," a declarative fine-grained, attribute-based access control policy language.
- Intuit AuthZ - Post detailing Intuit's implementation of an XACML-based authz service.
- Why Google Zanzibar Shines at Building Authorization - A blog post detailing why Google Zanzibar is especially well suited to solving application authorization.
- Airbnb Himeji - Based on Zanzibar.
- Carta AuthZ - Also based on Zanzibar.
- Authorization Solutions for Microservices Architecture - How AppsFlyer approaches authz in their microservices architecture.
- Reddit - Evolving Authorization for Our Advertising Platform - Summary of Reddit's internal fine-grained authz system built for the advertising platform.
- Attribute-Based Access Control at Uber - Summary of Uber's internal, centralized ABAC system used within its microservices architecture.
- Learnings from Building a Simple Authorization System (ABAC) - Ubicloud's learnings from building a simple ABAC authz system.
- Authorization at LinkedIn’s Scale - Summary of LinkedIn's high-performance authz system used within its microservices architecture.
- What's the Best Authorization Framework? None At All - Opinionated blog post detailing Betterment's approach to authz.
Useful Articles & Tutorials
- Web App Access Control Design - A presentation highlighting best practices for implementing access control in web apps.
- API Tokens: A Tedious Survey - An overview of different approaches to API security.
- Ask HN: Best Practices for Web Authorization? (2016) - HN discussion about application authorization best practices.
- Authorization in a Microservices World - Covers approaches to authorization in microservices.
- AWS - Authz & Access Control for SaaS Multi-tenant Apps - How-to/implementation guide for authz in multi-tenant apps using AWS.
- Best Practices for Building Secure API Keys - Covers hashing, storage and key retrieval.
- How To Structure Permissions In A SaaS App - Talks about approaches to RBAC, ACLs, etc. in SaaS apps.
- Implementing Role Based Access Control - How-to/implementation guide for basic RBAC in an application.
- Permissions Systems: Category Notes - An overview of the permissions systems landscape.
- What Do Authentication and Authorization Mean in Zero Trust? - How to think about Authn and Authz within a Zero Trust Architecture.
- Feature Flags and Authorization Abstract the Same Concept - A blog post comparing the many similarities and subtle differences between feature flagging and authorization.
Overview
- NIST Authorization Definition - "The process of verifying that a requested action or service is approved for a specific entity".
Authentication vs. Authorization
- Authentication - Determines *who* someone or something is (identity).
- Authorization - Determines *what* someone or something can do in a system (privileges and permissions).
- Understanding Authentication, Authorization, and Encryption - Quick comparison of authn, authz and encryption.
Access Control Models
Best Practices
- OWASP Authorization Cheat Sheet & Recommendations - Authz overview and recommendations for best practices.
Videos & Talks