This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Cornucopia - Ecommerce Website - SM Q

From OWASP
Jump to: navigation, search
Cornucopia - Ecommerce Website SM Q.png

Suit: Session management

Card/Value: Q

Description:

Salim can bypass session management because it is not applied comprehensively and consistently across the application.

Technical Note:

Every part of the application and type of request should verify that the user has a valid current session (if required) and thus their privileges, before undertaking any other data validation and processing.

NB: This relates to application-wide session management control. See SM K for what session management routines to use.

References:

OWASP SCP OWASP ASVS OWASP AppSensor CAPEC SAFECODE
58 3.1 - 21 14
28




« Previous Card | Session management | Next Card »
Retrieved from "https://wiki.owasp.org/index.php?title=Cornucopia_-_Ecommerce_Website_-_SM_Q&oldid=207192"