Talk:Testing for business logic - Revision history

Andrew Muller: Andrew Muller moved page Talk:Testing for business logic (OWASP-BL-001) to Talk:Testing for business logic over redirect: Testing for business logic is now a chapter heading supported by several test cases rather than being the only test case.

2014-08-05T12:29:18Z

Andrew Muller moved page Talk:Testing for business logic (OWASP-BL-001) to Talk:Testing for business logic over redirect: Testing for business logic is now a chapter heading supported by several test cases rather than being the only test case.

KirstenS: Talk:Testing for business logic moved to Talk:Testing for business logic (OWASP-BL-001)

2008-12-07T17:48:45Z

Talk:Testing for business logic moved to Talk:Testing for business logic (OWASP-BL-001)

Khorvath: /* Description of Issues - Example 2 */

2008-06-27T02:45:36Z

‎Description of Issues - Example 2

Rick.mitchell: /* Description of Issues - Example 2 */

2008-06-25T12:42:36Z

‎Description of Issues - Example 2

Rick.mitchell: Description of Issues - Example 2

2008-06-24T16:14:06Z

Description of Issues - Example 2

New page

== Description of Issues - Example 2 ==

There something missing in Example 2. You've jumped from altering preferences to taking ownership of accounts.

I can understand that if I was editing preferences and sent userid 818 I'd alter the preferences of another company's user but how would ownership of that account change?

← Older revision		Revision as of 02:45, 27 June 2008
Line 4:		Line 4:

	I can understand that if I was editing preferences and sent userid 818 I'd alter the preferences of another company's user but how would ownership of that account change? [[User:Rick.mitchell\|Rick.mitchell]] 08:42, 25 June 2008 (EDT)		I can understand that if I was editing preferences and sent userid 818 I'd alter the preferences of another company's user but how would ownership of that account change? [[User:Rick.mitchell\|Rick.mitchell]] 08:42, 25 June 2008 (EDT)
		+
		+	I see your assumption but the application was so flawed that when you updated a users account and changed the users id it didn't change the other users preferences but assign that id to your companies account. There is a session token that is used so if this is unchanged and the userid is changed when the account is updated then the application will assign it to your company (ie the flawed logic). I will try to make this more clear in the example.

← Older revision		Revision as of 12:42, 25 June 2008
Line 3:		Line 3:
	There something missing in Example 2. You've jumped from altering preferences to taking ownership of accounts.		There something missing in Example 2. You've jumped from altering preferences to taking ownership of accounts.

−	I can understand that if I was editing preferences and sent userid 818 I'd alter the preferences of another company's user but how would ownership of that account change?	+	I can understand that if I was editing preferences and sent userid 818 I'd alter the preferences of another company's user but how would ownership of that account change? [[User:Rick.mitchell\|Rick.mitchell]] 08:42, 25 June 2008 (EDT)

← Older revision	Revision as of 12:29, 5 August 2014
(No difference)

← Older revision	Revision as of 17:48, 7 December 2008
(No difference)