This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Cornucopia - Ecommerce Website - VE 8

From OWASP
Jump to: navigation, search
Cornucopia - Ecommerce Website VE 8.png

Suit: Data Validation and Encoding

Card/Value: 8

Description:

Sarah can bypass the centralized sanitization routines since they are not being used comprehensively.

Technical Note:

Sanitization may be used to strip some inputs or outputs of certain unwanted characters. It is not a substitute for data validation and encoding, but may be used in combination (e.g. to remove leading/trailing whitespace from keyboard input). If sanitization is part of the validation and encoding processes, ensure that no relevant input/output is excluded, or can be bypassed by submitting data through a different input stream (e.g. GET instead of POST) or using a different app (e.g. mobile vs. desktop).

NB: The key concept for this card is use of sanitization, and whether such routines are comprehensively applied.

References:

OWASP SCP OWASP ASVS OWASP AppSensor CAPEC SAFECODE
15 28 2
169 31 17
152
160
468


« Previous Card | Data Validation and Encoding | Next Card »
Retrieved from "https://wiki.owasp.org/index.php?title=Cornucopia_-_Ecommerce_Website_-_VE_8&oldid=207167"