
Reviewing Code for Authorization Issues

From OWASP
Revision as of 10:12, 1 August 2007 by EoinKeary (talk | contribs)

OWASP Code Review Guide Table of Contents

Introduction

Authorization issues cover a wide array of layers in a web application, from the functional authorization of a user to gain access to a particular function of the application at the application layer, to database access authorization and least-privilege issues at the persistence layer. So what should you look for when performing a code review? From an attack perspective, the most common issues are a result of curiosity and also of the exploitation of vulnerabilities such as SQL injection. Example: if an application that is vulnerable to SQL injection uses a database account with system/admin access, the impact is higher than for the same vulnerable application using a least-privilege database account.
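The example above, worked through as an added illustration (not code from the OWASP guide): the same injectable query is run under an unrestricted connection and under a restricted one. Assumptions: SQLite has no user accounts, so its authorizer callback stands in for a least-privilege database account; the table names, the function names and the sample data are constructed.

```python
import sqlite3

def open_db(restricted):
    """Build the constructed sample database; `restricted` applies the policy below."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products(id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE credentials(username TEXT, password_hash TEXT);
        INSERT INTO products(name) VALUES ('widget'), ('gadget');
        INSERT INTO credentials VALUES ('admin', 'constructed-hash');
    """)
    if restricted:
        # Stand-in for connecting with a least-privilege account.
        conn.set_authorizer(product_reader_only)
    return conn

def product_reader_only(action, arg1, arg2, db_name, source):
    """Allow SELECT statements and column reads on `products`; deny everything else."""
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ and arg1 == "products":
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY

def search_products(conn, term):
    """Deliberately vulnerable: user input is concatenated into the SQL text.
    Returns the matching names, or None when the database refuses the statement."""
    sql = "SELECT name FROM products WHERE name = '" + term + "'"
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.DatabaseError:
        return None

# Constructed input of the kind a reviewer should assume reaches this code path.
INJECTED = "' UNION SELECT password_hash FROM credentials --"

if __name__ == "__main__":
    for label, restricted in (("admin-level account", False),
                              ("least-privilege account", True)):
        conn = open_db(restricted)
        print(label, search_products(conn, "widget"),
              search_products(conn, INJECTED))
```

The injection flaw is still present in both runs; the restricted connection only limits what it can reach, so the query itself still needs to be parameterized.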

How to locate the potentially vulnerable code

Vulnerable Patterns for Authorization issues

Good Patterns & procedures for Authorization