Cornucopia - Ecommerce Website - VE 8
Sarah can bypass the centralized sanitization routines since they are not being used comprehensively.
Sanitization may be used to strip some inputs or outputs of certain unwanted characters. It is not a substitute for data validation and encoding, but may be used in combination (e.g. to remove leading/trailing whitespace from keyboard input). If sanitization is part of the validation and encoding processes, ensure that no relevant input/output is excluded, or can be bypassed by submitting data through a different input stream (e.g. GET instead of POST) or using a different app (e.g. mobile vs. desktop).
NB: The key concept for this card is use of sanitization, and whether such routines are comprehensively applied.
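The following is an added example, not part of the Cornucopia card or any OWASP code. It models the bypass the card describes: a minimal request object carries the same `username` parameter through several input streams (query string, form body, JSON body, and an `X-Username` header standing in for a mobile client), and a handler that sanitizes only the POST form field is placed beside one that routes every stream through a single chokepoint, sanitizes there, and then applies allow-list validation. `Request`, `sanitize`, `collect_param` and the two lookup functions are illustrative names, not a real framework's API.

```python
"""Centralized sanitization applied to every input stream (added example).

Models the Cornucopia VE 8 point: sanitization is clean-up, not validation,
and it only helps if no input stream can reach the application untouched.
"""
import re
import unicodedata
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Request:
    """Constructed stand-in for an HTTP request with several input streams."""
    method: str
    query: dict = field(default_factory=dict)    # GET parameters
    form: dict = field(default_factory=dict)     # POST form body
    json: dict = field(default_factory=dict)     # JSON body (API clients)
    headers: dict = field(default_factory=dict)  # e.g. mobile app headers


def sanitize(value: str) -> str:
    """Centralized sanitization routine: NFKC-normalize, strip leading and
    trailing whitespace, drop control characters. It only tidies the value;
    it does not decide whether the value is acceptable."""
    value = unicodedata.normalize("NFKC", value).strip()
    return "".join(ch for ch in value if unicodedata.category(ch)[0] != "C")


USERNAME_RE = re.compile(r"[a-z0-9_]{3,32}")


def validate_username(value: str) -> bool:
    """Allow-list validation, always applied after sanitization."""
    return USERNAME_RE.fullmatch(value) is not None


def naive_lookup_name(req: Request) -> Optional[str]:
    """'Before': sanitization is wired to one stream only (POST form).
    The same parameter sent via GET, JSON, or a header skips it entirely."""
    if req.method == "POST" and "username" in req.form:
        return sanitize(req.form["username"])
    # Every other stream is read raw: this is the gap the card describes.
    return (req.query.get("username")
            or req.json.get("username")
            or req.headers.get("X-Username"))


def collect_param(req: Request, name: str,
                  header: Optional[str] = None) -> Optional[str]:
    """Single chokepoint for a parameter. All streams that can carry it are
    gathered here, so sanitization cannot be bypassed by choosing a different
    stream. A value supplied through more than one stream at once is treated
    as ambiguous and rejected rather than silently picking one."""
    hits = [str(src[name]) for src in (req.query, req.form, req.json)
            if name in src]
    if header and header in req.headers:
        hits.append(req.headers[header])
    if len(hits) != 1:
        return None  # absent, or present in several streams
    return sanitize(hits[0])


def centralized_lookup_name(req: Request) -> Optional[str]:
    """'After': sanitize through the chokepoint, then validate against the
    allow-list. Anything that still fails validation is rejected, not
    'cleaned' further."""
    value = collect_param(req, "username", header="X-Username")
    if value is None or not validate_username(value):
        return None
    return value


if __name__ == "__main__":
    # Constructed requests: the same parameter via different streams.
    samples = [
        Request("POST", form={"username": " carol "}),
        Request("GET", query={"username": " alice\x00 "}),
        Request("GET", headers={"X-Username": "bob\t"}),
        Request("POST", json={"username": "<script>"}),
    ]
    for r in samples:
        print(repr(naive_lookup_name(r)), "->", repr(centralized_lookup_name(r)))
```

The point of `collect_param` is that every handler obtains parameters through it, so adding a new transport (a mobile API, a JSON endpoint, a new header) means extending one function rather than remembering to call `sanitize` in each handler. Note also that `sanitize` never makes `<script>` acceptable; only the allow-list in `validate_username` does the accept/reject decision, which is the card's distinction between sanitization and validation.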
| OWASP SCP | OWASP ASVS | OWASP AppSensor | CAPEC | SAFECODE |
|---|---|---|---|---|