This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Cornucopia - Ecommerce Website - AT 10

From OWASP
Revision as of 14:36, 21 January 2016 by Dariodf (talk | contribs) (Created page with "{{DISPLAYTITLE:<span style="padding:2px 5px 0px 5px;color:white;background:#73abcc;">Cornucopia - Ecommerce Website - AT 10</span>}} File:Cornucopia_-_Ecommerce_Website_AT_1...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Cornucopia - Ecommerce Website AT 10.png

Suit: Authentication

Card/Value: 10

Description:

Pravin can bypass authentication controls because a centralized standard, tested and approved authentication module/framework/service, separate to the resource being requested, is not being used.

Technical Note:

Centralized authentication routines are a good programming practice, but like other routines, developers need to understand how they work, how to use them and any limitations. These should preferably be the framework's in-built authentication support. I If third party authentication libraries are used, it is important to test each routine before its implementation.

References:

OWASP SCP OWASP ASVS OWASP AppSensor CAPEC SAFECODE
25 2.5 90 14
26 115 28
27





« Previous Card | Authentication | Next Card »