Best of Authorization, February 2023

  1. Article
    InfoSec Write-ups · 3y

    API Security for Developers

    This post provides a high-level checklist for developers to securely develop APIs, covering all OWASP Top 10 API security issues. It emphasizes the importance of secure APIs and the risks they pose. The checklist includes recommendations for broken object-level authorization, broken authentication, excessive data exposure, lack of resources and rate limiting, broken function level authorization, mass assignment, security misconfiguration, injection, improper assets management, and insufficient logging and monitoring.

  2. Article
    Permit.io · 3y

    AuthN vs. AuthZ: Understanding the Difference

    Authentication is the process of verifying the identity of a user or entity, while authorization is the process of granting or denying access to specific resources based on a user's verified identity. Authentication methods include username and password, and biometric authentication. Authorization is managed through policies, such as Role Based Access Control and Attribute Based Access Control.

  3. Article
    Cerbos · 3y

    Accessing Protected Resources in Next.js with Prisma

    Learn how to integrate Next.js and Prisma with Cerbos to create dynamic and secure web applications. Configure a SQLite database with Prisma, use the getServerSideProps function in Next.js for authorization, and deploy the app to Vercel. Adapt the code to use PostgreSQL and deploy Cerbos in a production environment.