Name: Authorization Is Where Your App Goes to Lie
Start: 2026-06-25T11:30:00+0200
End: 2026-06-25T12:15:00+0200

Authorization Is Where Your App Goes to Lie

Thursday June 25, 2026 11:30am - 12:15pm CEST

Hall D (Level -2)

Your authorization logic probably lives in code, while the rationale behind it lives only in people’s heads.

That’s why authorization breaks in familiar ways: a missing check, an incorrect assumption, a copied snippet that made sense in one endpoint but was entirely wrong for another.

This talk is about making authorization logic visible earlier, during design, so engineers have something concrete to implement and reviewers have something concrete to critique. We’ll walk through a lightweight, design-time template that turns “who should be able to do what” into a structured artifact that can later be translated into policy-as-code, tested, and enforced consistently.

No new tools required; the focus is on a design-time step that fits cleanly into architecture reviews and threat modeling, and makes authorization easier to get right.

Speakers

Eden Yardeni

Senior AppSec Engineer

Eden Yardeni works in application security, and contributes to OWASP projects including ASVS. She previously worked as a full-stack developer, but moved into application security when she heard there would be cookies. linkedin.com/in/eden-yardeni/
... Read More →

Thursday June 25, 2026 11:30am - 12:15pm CEST
Hall D (Level -2)

Planning and Design

Audience Intermediate

OWASP Global AppSec EU 2026 Vienna

Eden Yardeni

Get help with the event

OWASP Global AppSec EU 2026 Vienna

Eden Yardeni

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Get help with the event