Cornucopia - Ecommerce Website - AT 10
Pravin can bypass authentication controls because a centralized standard, tested and approved authentication module/framework/service, separate to the resource being requested, is not being used.
Centralized authentication routines are a good programming practice, but like other routines, developers need to understand how they work, how to use them and any limitations. These should preferably be the framework's in-built authentication support. I If third party authentication libraries are used, it is important to test each routine before its implementation.
|OWASP SCP||OWASP ASVS||OWASP AppSensor||CAPEC||SAFECODE|