Tag: Authorization
The Application Protection Research Series is an ongoing project at F5 Labs that provides an overarching view of the application security landscape. While detailed analyses of specific attacks are critical for defenders to adapt to emerging techniques, it is easy to overemphasize tactics over strategy if those kinds of analyses are the only thing we…
Read MoreWhat Is the Principle of Least Privilege? Information security is a complex, multifaceted discipline built upon many foundational principles. The three most important—confidentiality, integrity, and availability (the CIA triad)—are considered the goals of any information security program. A supporting principle that helps organizations achieve these goals is the principle of least privilege. The principle of…
Read MoreWhat Is Authorization? Once a subject is authenticated, authorization (abbreviated as AuthZ) is the process of determining whether the given identity (for example, a user) is allowed to access the requested resource and, if so, what actions they are allowed to take. The goal is to give authenticated users access to the resources (such as…
Read More