This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Cornucopia - Ecommerce Website - AZ 7

From OWASP
Jump to: navigation, search
Cornucopia - Ecommerce Website AZ 7.png

Suit: Authorization

Card/Value: 7

Description:

Yuanjing can access application functions, objects, or properties he is not authorized to access.

Technical Note:

Implement least privilege, and restrict users to only the functionality, objects and properties that are required to perform their tasks.

NB: the key concept for this card is applying function/object/property authorization controls. See AZ 5 for resource type controls, and AZ 6 for data controls.

References:

OWASP SCP OWASP ASVS OWASP AppSensor CAPEC SAFECODE
81 4.1 ACE1 122 8
85 4.2 ACE2 10
86 4.3 ACE3 11
131 4.4 ACE4
15.7


« Previous Card | Authorization | Next Card »