This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Cornucopia - Ecommerce Website - AT J
From OWASP
Suit: Authentication
Card/Value: J
Description:
Mark can access resources or services because there is no authentication requirement, or it was mistakenly assumed authentication would be undertaken by some other system or performed in some previous action.
Technical Note:
For each entry point, check and test that the correct degree of authentication is required and occurs. Ensure this includes:
- Access to remote systems.
- APIs.
- Non HTML content (e.g. files, images).
- Reporting.
- Any other 'internal' functionality.
The key concept for this card is missing authentication. See AT Q for inconsistent authentication and AT K for changing the executing authentication code.
References:
OWASP SCP | OWASP ASVS | OWASP AppSensor | CAPEC | SAFECODE |
---|---|---|---|---|
23 | 2.1 | 115 | 14 | |
32 | 28 | |||
34 |