Difference between revisions of "Cornucopia - Ecommerce Website - AZ 7"
Latest revision as of 16:24, 21 January 2016
Suit: Authorization
Card/Value: 7
Description:
Yuanjing can access application functions, objects, or properties he is not authorized to access.
Technical Note:
Implement least privilege, and restrict users to only the functionality, objects and properties that are required to perform their tasks.
NB: the key concept for this card is applying function/object/property authorization controls. See AZ 5 for resource type controls, and AZ 6 for data controls.
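The following is an added example, not code from the Cornucopia card or any OWASP project, showing the three kinds of control this card calls for in one small order-viewing service: a function-level check (may this role call this operation at all?), an object-level check (may this user touch this particular order?) and a property-level filter (which fields of the order may this role see?). The users, orders, role names and permission tables are constructed sample data; the vulnerable `view_order_insecure` is included only to show the missing checks beside the hardened `view_order`.

```python
"""Function-, object- and property-level authorization (least privilege).

Added example; not part of the Cornucopia card or OWASP code.
All users, orders, roles and permission tables are constructed samples.
"""
from dataclasses import dataclass


class AuthorizationError(Exception):
    """Raised when a caller is not permitted to perform an action."""


@dataclass(frozen=True)
class User:
    username: str
    roles: frozenset


@dataclass
class Order:
    order_id: int
    owner: str               # username of the customer who placed it
    total: float
    internal_margin: float   # staff-only property, must never reach customers


# Function-level policy: which roles may invoke which application function.
FUNCTION_PERMISSIONS = {
    "view_order":   {"customer", "support", "admin"},
    "refund_order": {"support", "admin"},
    "delete_order": {"admin"},
}

# Property-level policy: which Order fields each role may see.
PROPERTY_VISIBILITY = {
    "customer": {"order_id", "total"},
    "support":  {"order_id", "owner", "total"},
    "admin":    {"order_id", "owner", "total", "internal_margin"},
}

# Constructed sample data store.
ORDERS = {
    1001: Order(1001, "yuanjing", 49.99, 12.50),
    1002: Order(1002, "alice", 120.00, 30.00),
}

STAFF_ROLES = {"support", "admin"}


def check_function(user: User, function_name: str) -> None:
    """Function-level check: deny unless one of the user's roles is listed."""
    allowed = FUNCTION_PERMISSIONS.get(function_name, set())
    if not (user.roles & allowed):
        raise AuthorizationError(f"{user.username} may not call {function_name}")


def load_order_for(user: User, order_id: int) -> Order:
    """Object-level check: staff see any order, customers only their own.

    'Not found' and 'not yours' deliberately produce the same error so the
    response does not reveal which order ids exist.
    """
    order = ORDERS.get(order_id)
    if order is None or (not (user.roles & STAFF_ROLES) and order.owner != user.username):
        raise AuthorizationError(f"order {order_id} not found or not permitted")
    return order


def visible_properties(user: User, order: Order) -> dict:
    """Property-level filter: keep only fields some role of the user may see."""
    allowed = set()
    for role in user.roles:
        allowed |= PROPERTY_VISIBILITY.get(role, set())
    return {name: value for name, value in vars(order).items() if name in allowed}


def view_order_insecure(user: User, order_id: int) -> dict:
    """Vulnerable pattern from the card: trusts the supplied id, returns every field."""
    return vars(ORDERS[order_id])


def view_order(user: User, order_id: int) -> dict:
    """Hardened handler: all three checks before any data is returned."""
    check_function(user, "view_order")
    order = load_order_for(user, order_id)
    return visible_properties(user, order)


def refund_order(user: User, order_id: int) -> dict:
    check_function(user, "refund_order")
    order = load_order_for(user, order_id)
    return {"refunded": order.order_id, "amount": order.total}


def delete_order(user: User, order_id: int) -> dict:
    check_function(user, "delete_order")
    order = load_order_for(user, order_id)
    del ORDERS[order.order_id]
    return {"deleted": order.order_id}


HANDLERS = {"view_order": view_order, "refund_order": refund_order, "delete_order": delete_order}


def attempt(user: User, function_name: str, order_id: int) -> tuple:
    """Dispatch one request; returns ('ok', result) or ('denied', reason)."""
    try:
        return ("ok", HANDLERS[function_name](user, order_id))
    except AuthorizationError as exc:
        return ("denied", str(exc))


if __name__ == "__main__":
    yuanjing = User("yuanjing", frozenset({"customer"}))
    print(attempt(yuanjing, "view_order", 1001))   # own order, two fields only
    print(attempt(yuanjing, "view_order", 1002))   # someone else's order: denied
    print(attempt(yuanjing, "refund_order", 1001)) # function not in role: denied
```

The point of separating the three checks is that each closes a different gap: the function check stops a customer from reaching staff operations, the object check stops one customer reading another's order even through a permitted function, and the property filter stops the staff-only margin field leaking to a role that is allowed to see the order itself. Returning the same error for "not found" and "not permitted" avoids turning the object check into an order-id oracle.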
References:
| OWASP SCP | OWASP ASVS | OWASP AppSensor | CAPEC | SAFECODE |
|---|---|---|---|---|
| 81 | 4.1 | ACE1 | 122 | 8 |
| 85 | 4.2 | ACE2 | 10 | |
| 86 | 4.3 | ACE3 | 11 | |
| 131 | 4.4 | ACE4 | | |
| | 15.7 | | | |