
Cornucopia - Ecommerce Website - AT 5

From OWASP
Revision as of 16:18, 21 January 2016 by Dariodf (talk | contribs)


Suit: Authentication

Card/Value: 5

Description:

Javier can use default, test or easily guessable credentials to authenticate, or can use an old account or an account not necessary for the application.

Technical Note:

No default (e.g. vendor-supplied), old, or test accounts should exist. Each user should have their own individual account, and accounts should only be issued and kept active for those people or systems that have been granted access because their job or role requires it. Put automatic time limits on temporary accounts. Review accounts periodically to check whether any need to be de-activated or deleted. Use strong passwords/passphrases and/or implement multi-factor authentication, especially for accounts with more privileged access.
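A provisioning-time credential check and a periodic account review that implement the controls in this note, as an added example (not OWASP's or any project's code); the deny-lists, thresholds and sample account records are constructed assumptions.

```python
"""Account-hygiene checks for the Technical Note above (added example)."""
from datetime import date, timedelta

# Constructed deny-lists (assumptions): names vendors commonly ship as defaults
# or that teams create for testing, and passwords that are trivially guessable.
DEFAULT_ACCOUNT_NAMES = {"admin", "administrator", "root", "test", "guest", "demo", "vendor"}
GUESSABLE_PASSWORDS = {"password", "admin", "123456", "changeme", "welcome1"}
MAX_DORMANT_DAYS = 90       # assumption: review threshold for "old" accounts
MIN_PASSPHRASE_LENGTH = 12  # assumption


def validate_new_credentials(username, password):
    """Provisioning-time check; returns a list of reasons (empty = acceptable)."""
    reasons = []
    if username.lower() in DEFAULT_ACCOUNT_NAMES:
        reasons.append("username is a default/test account name")
    if password.lower() in GUESSABLE_PASSWORDS or username.lower() in password.lower():
        reasons.append("password is guessable")
    if len(password) < MIN_PASSPHRASE_LENGTH:
        reasons.append("passphrase too short")
    return reasons


def audit_accounts(accounts, today):
    """Periodic review; returns (username, finding) pairs for accounts violating the note.
    Each account dict has: username, active, privileged, mfa_enabled, temporary,
    expires (date or None) and last_login (date or None)."""
    findings = []
    for a in accounts:
        name = a["username"]
        if name.lower() in DEFAULT_ACCOUNT_NAMES:
            findings.append((name, "default/test account exists"))
        if a["temporary"] and a["expires"] is None:
            findings.append((name, "temporary account has no time limit"))
        if a["active"] and a["expires"] is not None and a["expires"] < today:
            findings.append((name, "expired account still active"))
        if a["active"] and (a["last_login"] is None
                            or (today - a["last_login"]).days > MAX_DORMANT_DAYS):
            findings.append((name, "dormant account: candidate for de-activation"))
        if a["privileged"] and not a["mfa_enabled"]:
            findings.append((name, "privileged account without MFA"))
    return findings


# Constructed sample accounts for the review (assumption, not real data).
TODAY = date(2016, 1, 21)
SAMPLE_ACCOUNTS = [
    {"username": "alice", "active": True, "privileged": True, "mfa_enabled": True,
     "temporary": False, "expires": None, "last_login": TODAY - timedelta(days=3)},
    {"username": "test", "active": True, "privileged": False, "mfa_enabled": False,
     "temporary": False, "expires": None, "last_login": None},
    {"username": "contractor7", "active": True, "privileged": True, "mfa_enabled": False,
     "temporary": True, "expires": date(2015, 12, 31), "last_login": TODAY - timedelta(days=40)},
]
```

Running `audit_accounts(SAMPLE_ACCOUNTS, TODAY)` flags the `test` account (default name, never used) and `contractor7` (expired but still active, privileged without MFA), while `alice` passes.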

References:

OWASP SCP: 54, 175, 178
OWASP ASVS: 2.19
OWASP AppSensor: AE12, HT3
CAPEC: 70
SAFECODE: 28

