Improving Web Application Security: Threats and Countermeasures

| Check | Description |
|---|---|
| | Calling users are restricted using declarative or imperative principal permission checks (normally performed by business logic). |
| | Calling code is restricted using identity permission demands in scenarios where you know and want to limit the calling code. |
| | Application login is restricted in the database and can only execute selected stored procedures. Application's login has no direct table access. |
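
The last check, sketched in T-SQL for SQL Server as an added example (not part of the original checklist). Every object name here (`AppDb`, `WebAppLogin`, `WebAppUser`, `WebAppExec`, `dbo.Orders`, `dbo.GetOrdersForCustomer`) is hypothetical, and the password is a placeholder.

```sql
-- Added example: all names are hypothetical; the password is a placeholder.
CREATE LOGIN WebAppLogin WITH PASSWORD = '<replace-with-strong-secret>';
GO

USE AppDb;
GO

-- Map the login to a database user and put it in a role that carries the grants.
CREATE USER WebAppUser FOR LOGIN WebAppLogin;
CREATE ROLE WebAppExec;
ALTER ROLE WebAppExec ADD MEMBER WebAppUser;
GO

CREATE TABLE dbo.Orders (
    OrderId    int   NOT NULL PRIMARY KEY,
    CustomerId int   NOT NULL,
    Total      money NOT NULL
);
GO

-- The procedure is the only entry point to the table. Input arrives as a
-- typed parameter and the statement is static (no dynamic SQL).
CREATE PROCEDURE dbo.GetOrdersForCustomer
    @CustomerId int
AS
BEGIN
    SET NOCOUNT ON;
    SELECT OrderId, CustomerId, Total
    FROM dbo.Orders
    WHERE CustomerId = @CustomerId;
END
GO

-- Grant EXECUTE on the selected procedure only. No SELECT/INSERT/UPDATE/DELETE
-- is granted on dbo.Orders: because the table and the procedure share an owner
-- (dbo), ownership chaining lets the procedure read the table on the caller's behalf.
GRANT EXECUTE ON OBJECT::dbo.GetOrdersForCustomer TO WebAppExec;
GO

-- Check the effective permissions as the application user.
EXECUTE AS USER = 'WebAppUser';
SELECT
    HAS_PERMS_BY_NAME('dbo.GetOrdersForCustomer', 'OBJECT', 'EXECUTE') AS CanExecuteProc,
    HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'SELECT')                AS CanSelectTable;
REVERT;
GO
```

Ownership chaining does not extend to dynamic SQL executed inside a procedure, so a procedure that builds and executes a string would need direct table grants and would defeat this check. Also confirm the application user is not a member of broad roles such as `db_datareader` or `db_owner`.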