Tanner Prynn

Toxic Tokens: Using UUIDs for Authorization is Dangerous (even if they’re cryptographically random)

Authorization vulnerabilities continue to be one of the largest and most difficult to remediate classes of vulnerabilities that affect web applications. Compared to other vulnerability classes like XSS or SQL injection, there are no frameworks or design patterns which can be used to prevent authorization flaws at a fundamental level…

May 10, 2021

Code Patterns for API Authorization: Designing for Security

Summary: This post describes some of the most common design patterns for authorization checking in web application code. The patterns are compared to show when each one makes sense and what its drawbacks are. For developers and architects, this post helps you to…
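The point shared by both posts, as an added example in Python (not code from either post, and not from the author): a random UUID locates a record, but it is not an authorization decision. The store, the `fetch_toxic` and `fetch_checked` handlers and the principals "alice" and "bob" are constructed for illustration; how bob came to hold alice's document id is assumed, since the only thing that matters is that the id has stopped being secret.

```python
"""Fetching a document by UUID: once relying on the id being unguessable,
once with an explicit ownership check alongside the lookup."""
from __future__ import annotations

import uuid
from dataclasses import dataclass


@dataclass(frozen=True)
class Document:
    id: str
    owner_id: str
    body: str


class NotFound(Exception):
    """Raised for a missing document, and for one the caller may not read."""


class DocumentStore:
    """Constructed in-memory store keyed by a random (uuid4) identifier."""

    def __init__(self) -> None:
        self._docs: dict[str, Document] = {}

    def create(self, owner_id: str, body: str) -> Document:
        doc = Document(id=str(uuid.uuid4()), owner_id=owner_id, body=body)
        self._docs[doc.id] = doc
        return doc

    def lookup(self, doc_id: str) -> Document | None:
        return self._docs.get(doc_id)


def fetch_toxic(store: DocumentStore, doc_id: str) -> Document:
    """Anti-pattern: the UUID is treated as the authorization.

    Whoever presents a valid id gets the document, so any copy of the id
    outside its owner's hands is equivalent to a copy of the data."""
    doc = store.lookup(doc_id)
    if doc is None:
        raise NotFound(doc_id)
    return doc


def fetch_checked(store: DocumentStore, principal: str, doc_id: str) -> Document:
    """Hardened form: the id only locates the record; ownership decides access.

    Missing and not-owned documents both raise NotFound so the response does
    not reveal whether a leaked or guessed id exists. That collapsing of the
    two cases is a design choice assumed here, not something the posts state."""
    doc = store.lookup(doc_id)
    if doc is None or doc.owner_id != principal:
        raise NotFound(doc_id)
    return doc


def demo() -> dict[str, bool]:
    """Constructed scenario: bob holds alice's document id (how is assumed)."""
    store = DocumentStore()
    alice_doc = store.create("alice", "alice's private notes")
    leaked_id = alice_doc.id

    results: dict[str, bool] = {}
    # The unguessable id is all the toxic handler asks for.
    results["toxic_grants_bob_access"] = fetch_toxic(store, leaked_id).owner_id == "alice"
    # The checked handler needs the id AND a principal that owns the record.
    try:
        fetch_checked(store, "bob", leaked_id)
        results["checked_denies_bob"] = False
    except NotFound:
        results["checked_denies_bob"] = True
    results["checked_allows_alice"] = (
        fetch_checked(store, "alice", leaked_id).body == alice_doc.body
    )
    return results


if __name__ == "__main__":
    print(demo())
```

The check lives next to the lookup rather than in a separate layer so that a new handler cannot call `lookup` and forget it; which layer should own the check is exactly the trade-off the second post sets out to compare.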
