Latest revision as of 18:28, 27 May 2009
This is a principle or a set of principles. To view all principles, please see the Principle Category page.
Description
Once a security issue has been identified, write a test that reproduces it and establish its root cause before coding a fix. Where the vulnerable code is a shared library or a design pattern copied across projects, the same flaw is likely to be present in every code base that uses it, so the fix must address the root cause in the shared code and be verified against every consumer of that code without introducing regressions.
Examples
Integration Testing
- A user has found that they can see another user’s balance by adjusting their cookie. The fix seems relatively straightforward, but because the cookie-handling code is shared amongst all applications, a change made for one application will propagate to all the others. The fix must therefore be tested against every affected application, both to confirm the tampered cookie is now rejected and to confirm legitimate sessions still work.
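The following is an added example illustrating both the Description and the Integration Testing scenario above; it is constructed for this page and is not OWASP's code or the code of any real application. It models a cookie parser shared by two hypothetical applications (a balance view and a statement view), shows the vulnerable parser that trusts the user id in the cookie beside a fixed parser that requires an HMAC tag, and writes the bug report up as a regression test that is run against every application consuming the shared code. The user names, balances, cookie format and server key are all assumptions.

```python
"""Shared cookie handling, before and after the fix, plus the regression test
that must pass for every application that consumes it. Constructed example."""
import hashlib
import hmac
from typing import Callable, Dict, Optional

# Constructed sample data for the two applications.
BALANCES = {"alice": 120.50, "bob": 9999.00}
STATEMENTS = {"alice": ["2009-05-01 coffee -3.20"],
              "bob": ["2009-05-02 salary +9999.00"]}

# Assumed server-side secret; in a real deployment it comes from a secrets store.
SERVER_KEY = b"constructed-example-key-not-for-production"


def issue_session_vulnerable(user: str) -> str:
    """Before the fix: the cookie is 'session=<user>' in the clear."""
    return f"session={user}"


def parse_session_vulnerable(cookie: str) -> Optional[str]:
    """Before the fix: the user id in the cookie is trusted as-is.
    Root cause: identity is taken from client-controlled data with no
    integrity check, so changing 'alice' to 'bob' impersonates bob."""
    name, _, value = cookie.partition("=")
    return value if name == "session" and value else None


def issue_session_fixed(user: str, key: bytes = SERVER_KEY) -> str:
    """After the fix: the cookie carries an HMAC tag bound to the user id."""
    tag = hmac.new(key, user.encode(), hashlib.sha256).hexdigest()
    return f"session={user}.{tag}"


def parse_session_fixed(cookie: str, key: bytes = SERVER_KEY) -> Optional[str]:
    """After the fix: any cookie whose tag does not verify is rejected."""
    name, _, value = cookie.partition("=")
    user, sep, tag = value.rpartition(".")
    if name != "session" or not sep or not user:
        return None
    expected = hmac.new(key, user.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the tag cannot be guessed byte by byte.
    if not hmac.compare_digest(expected, tag):
        return None
    return user


# Two applications consume the shared parser. The parser is injected so the
# same regression test can be run against the old and the new behaviour.
def balance_app(parse: Callable[[str], Optional[str]], cookie: str):
    user = parse(cookie)
    return BALANCES.get(user) if user else None


def statement_app(parse: Callable[[str], Optional[str]], cookie: str):
    user = parse(cookie)
    return STATEMENTS.get(user) if user else None


APPS = {"balance": balance_app, "statement": statement_app}


def tamper(cookie: str, victim: str) -> str:
    """What the reporting user did: edit the user id inside their own cookie.
    Works on both cookie formats; the tag, if present, is left unchanged."""
    name, _, value = cookie.partition("=")
    user, sep, tag = value.rpartition(".")
    return f"{name}={victim}.{tag}" if sep else f"{name}={victim}"


def regression_test(issue: Callable[[str], str],
                    parse: Callable[[str], Optional[str]]) -> Dict[str, bool]:
    """The test written from the bug report, run against every consumer of the
    shared code. An application passes only if a cookie tampered to name the
    victim no longer returns the victim's data AND a legitimate cookie still
    returns the owner's data (no regression)."""
    forged = tamper(issue("alice"), "bob")
    results = {}
    for app_name, app in APPS.items():
        victim_data = app(parse, issue("bob"))
        owner_data = app(parse, issue("alice"))
        rejected = app(parse, forged) != victim_data
        still_works = app(parse, issue("alice")) == owner_data and owner_data is not None
        results[app_name] = rejected and still_works
    return results


if __name__ == "__main__":
    print("before fix:", regression_test(issue_session_vulnerable, parse_session_vulnerable))
    print("after fix: ", regression_test(issue_session_fixed, parse_session_fixed))
```

Run stand-alone, the script reports that both applications fail the test with the vulnerable parser and both pass with the fixed one. The point of injecting the parser and iterating over `APPS` is that the test is written once, against the shared component, and then exercised through every application that depends on it; a fix that made the balance view safe but broke the statement view would show up here rather than in production.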
Related Vulnerabilities
Related Controls