Cornucopia - Ecommerce Website - AZ 2
From OWASP
Latest revision as of 16:23, 21 January 2016
Suit: Authorization
Card/Value: 2
Description:
Tim can influence where data is sent or forwarded to.
Technical Note:
Users must not be able to define unauthorised virtual locations or addresses, such as:
- Database table names.
- File system paths.
- Recipients of alert SMS or email messages.
- URL paths (including redirect and forward targets).
All such properties must be defined by the ecommerce application itself, or selected from a server-side list of locations permitted for that user and their role. The client should only ever send an opaque key or index that the application maps to a destination it controls; it should never send the destination itself.
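The pattern described in the technical note, as an added example that is not part of the Cornucopia card: the client supplies only a key, and the application resolves it against a role-scoped allow-list of destinations it defines itself. The weak versions that trust the request are shown beside the hardened ones. The roles ("customer", "merchant"), the export directory, the redirect paths and the e-mail addresses are constructed for illustration.

```python
"""
Added example: resolving user-supplied "where does this go" parameters against
server-defined, role-scoped allow-lists rather than honouring the client's value.
All roles, keys, paths and addresses below are hypothetical.
"""
from dataclasses import dataclass
from pathlib import Path
from typing import Optional


@dataclass(frozen=True)
class User:
    user_id: int
    role: str    # "customer" or "merchant" (hypothetical roles)
    email: str   # verified address stored on the account, set server-side


# Destinations are defined by the application. The client sends only an opaque
# key; the application decides what (if anything) that key maps to.
REDIRECT_TARGETS = {
    "orders": "/account/orders",
    "basket": "/basket",
    "reports": "/merchant/reports",
}
REDIRECTS_BY_ROLE = {
    "customer": {"orders", "basket"},
    "merchant": {"orders", "basket", "reports"},
}

EXPORT_ROOT = Path("/srv/shop/exports")   # hypothetical base directory
EXPORT_FILES = {
    "invoices": "invoices.csv",
    "catalog": "catalog.csv",
}
EXPORTS_BY_ROLE = {
    "customer": {"invoices"},
    "merchant": {"invoices", "catalog"},
}


# --- weak pattern: the request decides the destination ----------------------
def insecure_redirect(next_url: str) -> str:
    # Whatever the client sends becomes the redirect target, so a user can be
    # forwarded to an attacker-controlled host or an internal admin path.
    return next_url


def insecure_export_path(filename: str) -> Path:
    # Joining untrusted input onto a base directory still permits traversal:
    # "../../../etc/passwd" escapes EXPORT_ROOT.
    return EXPORT_ROOT / filename


# --- hardened pattern: application-defined, role-scoped allow-lists ---------
def resolve_redirect(user: User, key: str) -> Optional[str]:
    """Return the redirect path for `key`, or None if the key is unknown or
    not permitted for the user's role. Unknown keys are never echoed back."""
    if key not in REDIRECTS_BY_ROLE.get(user.role, set()):
        return None
    return REDIRECT_TARGETS[key]


def resolve_export_path(user: User, key: str) -> Optional[Path]:
    """Return the export file for `key`. The client never supplies a filename,
    only a key into a table the application owns."""
    if key not in EXPORTS_BY_ROLE.get(user.role, set()):
        return None
    path = (EXPORT_ROOT / EXPORT_FILES[key]).resolve()
    # Defence in depth: even with a fixed table, confirm the resolved path
    # still sits under the export root before using it.
    if EXPORT_ROOT.resolve() not in path.parents:
        return None
    return path


def notification_recipient(user: User, requested_email: Optional[str] = None) -> str:
    """Alert e-mails go to the address on the authenticated account. A
    recipient supplied in the request is ignored rather than honoured; a
    caller that wants to treat it as an attack signal can compare the two."""
    return user.email
```

In a real application the dictionaries would typically come from configuration or a database table that only administrators can change; the point is that the mapping from key to destination, and the set of keys each role may use, live on the server and are never derived from request data.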
References:
OWASP SCP | OWASP ASVS | OWASP AppSensor | CAPEC | SAFECODE
---|---|---|---|---
44 | 4.3, 15.7, 16.1 | - | 153 | 8, 10, 11