This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Cornucopia - Ecommerce Website - CR 2

From OWASP
Jump to: navigation, search
Cornucopia - Ecommerce Website CR 2.png

Suit: Cryptography

Card/Value: 2

Description:

Kyun can access data because it has been obfuscated rather than using an approved cryptographic function.

Technical Note:

There is no substitute for a proper, approved, cryptographic function where data needs to be protected at rest or in transit. Obfuscation is rarely the correct choice. Use standard-approved functions and consider all cryptographic management requirements (e.g. key creation, distribution, protection, replacement, retirement).

References:

OWASP SCP OWASP ASVS OWASP AppSensor CAPEC SAFECODE
105 - - - 21
133 29
135



« Previous Card | Cryptography | Next Card »