Detecting Insufficient Access Control in Web Applications.
George Noseevich, Andrew Petukhov
Published in: SysSec@DIMVA (2011)
Keyphrases
- web applications
- access control
- dynamic access control
- data security
- web services
- security policies
- end users
- application developers
- access control policies
- application development
- security mechanisms
- database security
- access control models
- role based access control
- access control mechanism
- database
- security requirements
- website