Skip to navigation Skip to main content Skip to footer

Research Blog

Insights and research from our global cybersecurity team.

Filter content

Reset filters

Toxic Tokens: Using UUIDs for Authorization is Dangerous (even if they’re cryptographically random)

Authorization vulnerabilities continue to be one of the largest and most difficult to remediate classes of vulnerabilities that affect web applications. Compared to other vulnerability classes like XSS or SQL injection, there are no frameworks or design patterns which can be used to prevent authorization flaws at a fundamental level (although this is an area […]


10 May 2021

Code Patterns for API Authorization: Designing for Security

Summary This post describes some of the most common design patterns for authorization checking in web application code. Comparisons are made between the design patterns to help understand when each pattern makes sense as well as the drawbacks of the pattern. For developers and architects, this post helps you to understand what the different code […]