This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Cornucopia - Ecommerce Website - CR 3
From OWASP
Suit: Cryptography
Card/Value: 3
Description:
Axel can modify transient or permanent data (stored or in transit), or source code, or updates/patches, or configuration data, because it is not subject to integrity checking.
Technical Note:
Tampering with state, source code, interpreted code, libraries, executables, updates, patches, configuration data, logs, etc undermines any trust in the application. Consider the file system, database content, information in memory, in page code, and data in transit.
NB: The key concept for this card is integrity.
References:
| OWASP SCP | OWASP ASVS | OWASP AppSensor | CAPEC | SAFECODE |
|---|---|---|---|---|
| 92 | 13.2 | SE1 | 31 | 12 |
| 205 | IE4 | 39 | 14 | |
| 212 | 68 | |||
| 75 | ||||
| 133 | ||||
| 145 | ||||
| 162 | ||||
| 203 | ||||
| 438 | ||||
| 439 | ||||
| 442 |
