Home » Secure Development: Identity and Access Management

Secure Development: Identity and Access Management

Main Speaker

Yaniv Yechezkel

Learning Tracks

Code, Cyber

Course ID

42793

Date

25/11/2025

Time

Daily seminar
9:00-16:30

Location

Daniel Hotel, 60 Ramat Yam st. Herzliya

Overview

Whether you’re building a login flow, integrating OAuth, or managing access control across microservices, understanding IAM is essential. Identity is at the heart of modern application security, and its implementation affects everything from user experience to regulatory compliance. As systems grow more distributed and interconnected, the need for secure, scalable, and standards-based identity solutions becomes critical. This seminar bridges the gap between theory and practice, giving developers the tools to make informed decisions and avoid common pitfalls.

Who Should Attend

Software Architect
Teams Leaders
Developers
Product Managers.

Prerequisites

Course Contents

IAM Fundamentals

IAM Services and Features
IAM Fundamental Elements
Zero Trust Security Model

Application Security Risks and Mitigations

Introduction to OWASP
OWASP Top 10 Overview
A01:2021 – Broken Access Control
A07:2021 – Identification and Authentication Failures

Identity Management

Federated Identity and Single Sign-On (SSO)
Authentication Factors
Multi-Factor Authentication (MFA)
Authentication Methods
Session and Token Management
Common Attacks and Mitigations

Access Control Management

Role-Based Access Control (RBAC)
Attribute-Based Access Control (ABAC)
Policy-Based Access Control (PBAC)
Challenges and Best Practices

Standards and Protocols

Introduction to the IETF
Understanding RFCs

JSON Web Token (JWT)

JSON Web Token (JWT)
JSON Object Signing and Encryption (JOSE)

Open Authorization (OAuth)

OAuth 2.0
Bearer Tokens

OpenID Connect (OIDC)

OpenID Connect (OIDC)