This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Cornucopia - Ecommerce Website - AZ 2

From OWASP
Revision as of 16:23, 21 January 2016 by Dariodf (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Cornucopia - Ecommerce Website AZ 2.png

Suit: Authorization

Card/Value: 2

Description:

Tim can influence where data is sent or forwarded to.

Technical Note:

Users must not be able to define unauthorised virtual locations/addresses such as:

  • Database table names.
  • File system paths.
  • Alert SMS or email messages.
  • URL paths.

All such properties must be defined by the ecommerce application itself, or drawn from a valid list of locations permitted for the user and their role.

References:

OWASP SCP OWASP ASVS OWASP AppSensor CAPEC SAFECODE
44 4.3 - 153 8
15.7 10
16.1 11


« Previous Card | Authorization | Next Card »
Retrieved from "https://wiki.owasp.org/index.php?title=Cornucopia_-_Ecommerce_Website_-_AZ_2&oldid=207195"