authorization
Safeguard articles tagged "authorization" — guides, analysis, and best practices for software supply chain and application security.
25 articles
Agent-to-Agent Security in Multi-Agent Systems
Multi-agent systems inherit every trust problem of single-agent systems and add a few more. Here is how the threat model actually shifts.
What Is Access Control?
Access control decides who can reach a resource and what they can do with it. Learn the common models, how enforcement works, and why least privilege is the guiding rule.
AI Agent Tool-Scope Enforcement Patterns
Agents get tool lists, not tool boundaries. We walk through scoping patterns that actually hold when Claude 4 or GPT-5 picks the wrong function at runtime.
AI Tool Confused-Deputy: A Deep Dive
The confused deputy problem takes on new and subtle forms when AI agents invoke tools on behalf of users. A technical deep dive with concrete mitigations.
MCP Server Authentication and Authorization: Securing the AI Tool Layer
The Model Context Protocol enables AI agents to interact with external tools and data sources. Securing MCP servers requires authentication, authorization, and input validation patterns specific to the AI agent context.
What Is ABAC (Attribute-Based Access Control)
ABAC decides access by evaluating attributes of the user, resource, action, and environment against policy rules. Learn how it works and when to choose it over roles.
What Is RBAC (Role-Based Access Control)
RBAC grants permissions to roles, then assigns people to roles. Learn how this model simplifies access management, its core parts, and where it fits best.
What Is OAuth
OAuth lets one app access your data in another without ever seeing your password. Learn how delegated access works, what tokens and scopes do, and why it matters.
What Is Authorization
Authorization decides what an already-verified identity is allowed to do. Learn how it differs from authentication, how permission checks work, and the models that power them.
Privilege Escalation in Web Applications: Attacks and Defenses
Privilege escalation vulnerabilities let attackers elevate their access level within an application. This guide covers both vertical and horizontal escalation techniques, real-world patterns, and concrete defenses.
Authorization Vulnerabilities: Prevention and Best Practices
Authorization flaws let authenticated users access resources and perform actions beyond their intended permissions. Learn the most common authorization vulnerabilities and how to build robust access control systems.
Broken Access Control: The Number One Web Vulnerability and How to Fix It
Access control moved to the top of the OWASP Top 10 in 2021. Here is why it is so hard to get right and what a solid authorization architecture looks like.