SecAppDev 2024 - Authorization

This hands-on, interactive training will teach participants how their applications can benefit from external authorization and how they can implement this using Open Policy Agent (OPA), a modern solution to realize the PIP-PAP-PEP-PDP model and an accessible alternative to XACML-based solutions. OPA is application agnostic and allows writing policies as code in the Rego policy language. Through this policy engine, participants will learn how to manage access away from their applications, which will help them to address the current number one risk of the OWASP Top 10: Broken Access Control.

Learning goal: Participants will understand the benefits of externalizing authorization and will be able to do so in practice, while at the same time understanding the limitations of such an architecture.

Discover how to apply OAuth 2.0 in high-security scenarios, exploring its latest security enhancements. Learn about advanced features like Resource Indicators, JAR, PAR, and DPoP, gaining the knowledge to implement OAuth 2.0 securely.

Key takeaway: OAuth 2.0 offers various new security enhancements, including Resource Indicators, JAR, PAR, DPoP, designed for high-security environments

A deep dive into the workings of Macaroons, a novel authorization technique developed by Google. Learn the unique capabilities of this exciting new technology and how it is being deployed by multiple companies to secure the cloud.

Key takeaway: Learn when to use Macaroons vs other technologies for authentication tokens.