This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Cornucopia - Ecommerce Website - AT J

From OWASP
Jump to: navigation, search
Cornucopia - Ecommerce Website AT J.png

Suit: Authentication

Card/Value: J

Description:

Mark can access resources or services because there is no authentication requirement, or it was mistakenly assumed authentication would be undertaken by some other system or performed in some previous action.

Technical Note:

For each entry point, check and test that the correct degree of authentication is required and occurs. Ensure this includes:

  • Access to remote systems.
  • APIs.
  • Non HTML content (e.g. files, images).
  • Reporting.
  • Any other 'internal' functionality.

The key concept for this card is missing authentication. See AT Q for inconsistent authentication and AT K for changing the executing authentication code.

References:

OWASP SCP OWASP ASVS OWASP AppSensor CAPEC SAFECODE
23 2.1 115 14
32 28
34


« Previous Card | Authentication | Next Card »