
Cornucopia - Ecommerce Website - AZ 9

From OWASP

Suit: Authorization

Card/Value: 9

Description:

Mike can misuse an application by using a valid feature too fast, too frequently, or in some other way that is not intended, or in a way that consumes the application's resources, causes race conditions, or over-utilizes a feature.

Technical Note:

Protect against automated threats to web applications such as:

  • Account aggregation.
  • Account creation.
  • Ad fraud.
  • CAPTCHA bypass.
  • Carding.
  • Card cracking.
  • Cashing out.
  • Credential cracking.
  • Credential stuffing.
  • Denial of service.
  • Expediting.
  • Fingerprinting.
  • Footprinting.
  • Scalping.
  • Scraping.
  • Skewing.
  • Sniping.
  • Spamming.
  • Token cracking.
  • Vulnerability scanning.

See also related automation attacks in Authentication AT 4 and AT 7.

References:

  • OWASP SCP: 94
  • OWASP ASVS: 4.17, 15.6, 15.8, 15.10
  • OWASP AppSensor: AE3, FIO1, FIO2, UT2, UT3, UT4, STE1, STE2, STE3
  • CAPEC: 26, 29, 119, 261
  • SAFECODE: 1, 35

