This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Cornucopia - Ecommerce Website - SM K

From OWASP
Jump to: navigation, search
Cornucopia - Ecommerce Website SM K.png

Suit: Session management

Card/Value: K

Description:

Peter can bypass the session management controls because they have been self-built and/or are weak, instead of using a standard framework or approved tested module.

Technical Note:

Centralized session management routines are a good programming practice, but like other routines, developers need to understand how they work, how to use them and any limitations. These should preferably be the framework's in-built session management support. If third party session management libraries are used, it is important to test each routine before its implementation.

NB: This relates to what session management routines to use. See SM Q for application-wide coverage.

References:

OWASP SCP OWASP ASVS OWASP AppSensor CAPEC SAFECODE
58 3.1 - 21 14
60 28



« Previous Card | Session management | Next Card »