Cornucopia - Ecommerce Website - AZ 7
Suit: Authorization
Card/Value: 7
Description:
Yuanjing can access application functions, objects, or properties he is not authorized to access.
Technical Note:
Implement least privilege, and restrict users to only the functionality, objects and properties that are required to perform their tasks.
NB: the key concept for this card is applying function/object/property authorization controls. See AZ 5 for resource type controls, and AZ 6 for data controls.
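The three control layers the technical note names are easiest to see side by side. The following is an added example, not OWASP's or the Cornucopia project's code: a hypothetical e-commerce order service in which every request passes a function-level check (may this role call the operation at all), an object-level check (may this user touch this particular order), and a property-level check (which fields of the order may this user write). The role names, policy tables and `OrderService` API are all assumptions made for the illustration; the sample users and orders are constructed inline.

```python
# Added example (not OWASP code): function-, object- and property-level
# authorization for a hypothetical e-commerce order service. Roles, policy
# tables and the OrderService API are illustrative assumptions.
from dataclasses import dataclass


class Forbidden(Exception):
    # One exception type and one message for every failure, so a caller
    # cannot tell "order does not exist" from "order belongs to someone
    # else" and enumerate order IDs.
    pass


@dataclass(frozen=True)
class User:
    user_id: str
    roles: frozenset


@dataclass
class Order:
    order_id: str
    owner_id: str
    status: str = "placed"
    shipping_address: str = ""
    total: float = 0.0


# Function-level control: which roles may invoke which operation at all.
FUNCTION_POLICY = {
    "order.view": {"customer", "support", "admin"},
    "order.update": {"customer", "support", "admin"},
    "order.refund": {"support", "admin"},
}

# Property-level control: which Order fields each role may write. Fields not
# listed for a role (owner_id, total for customers, ...) are read-only to it.
WRITABLE_PROPERTIES = {
    "customer": {"shipping_address"},
    "support": {"shipping_address", "status"},
    "admin": {"shipping_address", "status", "total"},
}

# Roles that may act on orders they do not own (the object-level exception).
CROSS_OWNER_ROLES = {"support", "admin"}


def check_function(user: User, function: str) -> None:
    if not user.roles & FUNCTION_POLICY.get(function, set()):
        raise Forbidden("not permitted")


def check_object(user: User, order: Order) -> None:
    if order.owner_id != user.user_id and not user.roles & CROSS_OWNER_ROLES:
        raise Forbidden("not permitted")


def writable_properties(user: User) -> set:
    allowed = set()
    for role in user.roles:
        allowed |= WRITABLE_PROPERTIES.get(role, set())
    return allowed


class OrderService:
    def __init__(self, orders):
        self._orders = {o.order_id: o for o in orders}

    def _load(self, user: User, order_id: str) -> Order:
        # Object-level control: look the order up, then check ownership
        # before anything is done with it.
        order = self._orders.get(order_id)
        if order is None:
            raise Forbidden("not permitted")
        check_object(user, order)
        return order

    def update_order(self, user: User, order_id: str, changes: dict) -> Order:
        check_function(user, "order.update")
        order = self._load(user, order_id)
        # Property-level control: reject (do not silently drop) any field this
        # user may not write, which blocks mass assignment of total/status.
        if set(changes) - writable_properties(user):
            raise Forbidden("not permitted")
        for name, value in changes.items():
            setattr(order, name, value)
        return order

    def refund_order(self, user: User, order_id: str) -> Order:
        check_function(user, "order.refund")
        order = self._load(user, order_id)
        order.status = "refunded"
        return order


def run_scenario() -> dict:
    """Constructed sample users and orders; returns the outcome of each request."""
    alice = User("alice", frozenset({"customer"}))
    agent = User("agent", frozenset({"support"}))
    svc = OrderService([Order("o-1", "alice", total=49.0),
                        Order("o-2", "bob", total=120.0)])

    def attempt(fn, *args):
        try:
            fn(*args)
            return "allowed"
        except Forbidden:
            return "denied"

    return {
        "alice_updates_own_address": attempt(svc.update_order, alice, "o-1",
                                             {"shipping_address": "1 High St"}),
        "alice_updates_bobs_order": attempt(svc.update_order, alice, "o-2",
                                            {"shipping_address": "elsewhere"}),
        "alice_changes_own_total": attempt(svc.update_order, alice, "o-1",
                                           {"total": 0.0}),
        "alice_refunds_own_order": attempt(svc.refund_order, alice, "o-1"),
        "support_refunds_bobs_order": attempt(svc.refund_order, agent, "o-2"),
        "unknown_order": attempt(svc.update_order, alice, "o-9",
                                 {"shipping_address": "x"}),
        "o1_total": svc._orders["o-1"].total,
        "o2_status": svc._orders["o-2"].status,
    }


if __name__ == "__main__":
    for name, outcome in run_scenario().items():
        print(f"{name}: {outcome}")
```

Two design choices matter in practice. The object-level check runs on the fetched record, not on the identifier the client supplied, and a missing order produces the same error as a foreign one. The property check denies the whole request when any unpermitted field is present, rather than filtering it out; silently dropping fields hides attack attempts from the logs and from the user, and the denial is the event an AppSensor-style detection point (ACE1 to ACE4 in the references below) would want to see.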
References:
| OWASP SCP | OWASP ASVS | OWASP AppSensor | CAPEC | SAFECODE |
|---|---|---|---|---|
| 81 | 4.1 | ACE1 | 122 | 8 |
| 85 | 4.2 | ACE2 | 10 | |
| 86 | 4.3 | ACE3 | 11 | |
| 131 | 4.4 | ACE4 | | |
| | 15.7 | | | |