This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Cornucopia - Ecommerce Website - AT 5"
(Created page with "{{DISPLAYTITLE:<span style="padding:2px 5px 0px 5px;color:white;background:#73abcc;">Cornucopia - Ecommerce Website - AT 5</span>}} File:Cornucopia_-_Ecommerce_Website_AT_5....") |
|||
Line 49: | Line 49: | ||
</tr> | </tr> | ||
</table> | </table> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
<div style="padding:5px;background:LightGray;color:White;font-weight:bold;">[[Cornucopia_-_Ecommerce_Website_-_AT_4|« Previous Card]] <span style="padding-left:10px;padding-right:10px;">|</span> [[Cornucopia_-_Ecommerce_Website_-_AT|Authentication]] <span style="padding-left:10px;padding-right:10px;">|</span> [[Cornucopia_-_Ecommerce_Website_-_AT_6|Next Card »]] </div> | <div style="padding:5px;background:LightGray;color:White;font-weight:bold;">[[Cornucopia_-_Ecommerce_Website_-_AT_4|« Previous Card]] <span style="padding-left:10px;padding-right:10px;">|</span> [[Cornucopia_-_Ecommerce_Website_-_AT|Authentication]] <span style="padding-left:10px;padding-right:10px;">|</span> [[Cornucopia_-_Ecommerce_Website_-_AT_6|Next Card »]] </div> |
Latest revision as of 16:18, 21 January 2016
Suit: Authentication
Card/Value: 5
Description:
Javier can use default, test or easily guessable credentials to authenticate, or can use an old account or an account not necessary for the application.
Technical Note:
No default (e.g. vendor), old, or test accounts should exist. Each user should have their own individual account, and accounts should only be issued and active for those people/systems that have been permitted access for the required need of their job/role. Put automatic time limits on temporary accounts. Review accounts periodically to check whether any need to be de-activated or deleted. Utilize strong passwords/phrases and/or implement multi-factor authentication, especially for accounts with more privileged access.
References:
OWASP SCP | OWASP ASVS | OWASP AppSensor | CAPEC | SAFECODE |
---|---|---|---|---|
54 | 2.19 | AE12 | 70 | 28 |
175 | HT3 | |||
178 |