Cornucopia - Ecommerce Website - AZ 9
From OWASP
Suit: Authorization
Card/Value: 9
Description:
Mike can misuse an application by using a valid feature too fast, too frequently, or in some other way that is not intended, or in a way that consumes the application's resources, causes race conditions, or over-utilizes a feature.
Technical Note:
Protect against automated threats to web applications such as:
- Account aggregation.
- Account creation.
- Ad fraud.
- CAPTCHA bypass.
- Carding.
- Card cracking.
- Cashing out.
- Credential cracking.
- Credential stuffing.
- Denial of service.
- Expediting.
- Fingerprinting.
- Footprinting.
- Scalping.
- Scraping.
- Skewing.
- Sniping.
- Spamming.
- Token cracking.
- Vulnerability scanning.
See also related automation attacks in Authentication AT 4 and AT 7.
References:
| OWASP SCP | OWASP ASVS | OWASP AppSensor | CAPEC | SAFECODE |
|---|---|---|---|---|
| 94 | 4.17 | AE3 | 26 | 1 |
| | 15.6 | FIO1 | 29 | 35 |
| | 15.8 | FIO2 | 119 | |
| | 15.10 | UT2 | 261 | |
| | | UT3 | | |
| | | UT4 | | |
| | | STE1 | | |
| | | STE2 | | |
| | | STE3 | | |