Cornucopia - Ecommerce Website - AZ 2
Tim can influence where data is sent or forwarded to.
Users must not be able to define unauthorised virtual locations/addresses such as:
- Database table names.
- File system paths.
- Alert SMS or email messages.
- URL paths.
All such properties must be defined by the ecommerce application itself, or drawn from a valid list of locations permitted for the user and their role.
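One way to enforce this requirement is shown in the added example below, which is not part of the original card: requests carry only a short logical key, and the application maps it to the real table, path, address or URL after checking the caller's role. All roles, keys and locations are assumptions constructed for illustration.

```python
# Added example; every role, key and location here is constructed for illustration.

class DestinationDenied(Exception):
    """The requested destination is not permitted for this role."""

# The application defines every real location. Requests carry only the logical key.
LOCATIONS = {
    "table": {"orders": "shop_orders", "refunds": "shop_refunds"},
    "file": {"invoice_export": "/srv/shop/exports/invoices.csv"},
    "email": {"stock_alert": "stock-alerts@shop.example"},
    "url": {"after_checkout": "/account/orders"},
}

# Logical keys each role may use, per destination kind.
PERMITTED = {
    "customer": {"url": {"after_checkout"}},
    "warehouse": {"table": {"orders"}, "email": {"stock_alert"}},
    "finance": {"table": {"orders", "refunds"}, "file": {"invoice_export"}},
}

def resolve_destination(role, kind, key):
    """Map a user-supplied logical key to an application-defined location."""
    allowed = PERMITTED.get(role, {}).get(kind, set())
    # Deny by default: unknown role or kind, non-string input, or a key
    # (including any raw table name, path, address or URL) not granted to the role.
    if not isinstance(key, str) or key not in allowed:
        raise DestinationDenied(f"role {role!r}: {kind} destination {key!r} refused")
    return LOCATIONS[kind][key]

def audit(requests):
    """Resolve each (role, kind, key) request; return (request, location or None)."""
    results = []
    for role, kind, key in requests:
        try:
            results.append(((role, kind, key), resolve_destination(role, kind, key)))
        except DestinationDenied:
            results.append(((role, kind, key), None))  # refuse and record, never pass through
    return results

if __name__ == "__main__":
    sample = [  # constructed requests
        ("finance", "table", "refunds"),                # granted key
        ("warehouse", "table", "refunds"),              # valid key, wrong role
        ("warehouse", "table", "shop_refunds"),         # raw table name instead of a key
        ("customer", "url", "https://other.example/"),  # raw URL instead of a key
        ("finance", "file", "/tmp/out.csv"),            # raw path instead of a key
    ]
    for request, location in audit(sample):
        print(request, "->", location or "DENIED")
```

The `None` entries returned by `audit` are the events worth logging, since a legitimate client never sends a raw location or a key outside its role.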
|OWASP SCP||OWASP ASVS||OWASP AppSensor||CAPEC||SAFECODE|