Cornucopia - Ecommerce Website - SM Q
From OWASP
Suit: Session management
Card/Value: Q
Description:
Salim can bypass session management because it is not applied comprehensively and consistently across the application.
Technical Note:
Every part of the application and type of request should verify that the user has a valid current session (if required) and thus their privileges, before undertaking any other data validation and processing.
NB: This relates to application-wide session management control. See SM K for what session management routines to use.
References:
| OWASP SCP | OWASP ASVS | OWASP AppSensor | CAPEC | SAFECODE |
|---|---|---|---|---|
| 58 | 3.1 | - | 21 | 14 |
| 28 |
