This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Cornucopia - Ecommerce Website - AT 10"
(Created page with "{{DISPLAYTITLE:<span style="padding:2px 5px 0px 5px;color:white;background:#73abcc;">Cornucopia - Ecommerce Website - AT 10</span>}} File:Cornucopia_-_Ecommerce_Website_AT_1...") |
|||
Line 50: | Line 50: | ||
</tr> | </tr> | ||
</table> | </table> | ||
− | |||
− | |||
Latest revision as of 16:19, 21 January 2016
Suit: Authentication
Card/Value: 10
Description:
Pravin can bypass authentication controls because a centralized standard, tested and approved authentication module/framework/service, separate to the resource being requested, is not being used.
Technical Note:
Centralized authentication routines are a good programming practice, but like other routines, developers need to understand how they work, how to use them and any limitations. These should preferably be the framework's in-built authentication support. I If third party authentication libraries are used, it is important to test each routine before its implementation.
References:
OWASP SCP | OWASP ASVS | OWASP AppSensor | CAPEC | SAFECODE |
---|---|---|---|---|
25 | 2.5 | 90 | 14 | |
26 | 115 | 28 | ||
27 |