This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Cornucopia - Ecommerce Website - AZ 7

From OWASP
Revision as of 15:00, 21 January 2016 by Dariodf (talk | contribs) (Created page with "{{DISPLAYTITLE:<span style="padding:2px 5px 0px 5px;color:white;background:#d9c049;">Cornucopia - Ecommerce Website - AZ 7</span>}} File:Cornucopia_-_Ecommerce_Website_AZ_7....")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Cornucopia - Ecommerce Website AZ 7.png

Suit: Authorization

Card/Value: 7

Description:

Yuanjing can access application functions, objects, or properties he is not authorized to access.

Technical Note:

Implement least privilege, and restrict users to only the functionality, objects and properties that are required to perform their tasks.

NB: the key concept for this card is applying function/object/property authorization controls. See AZ 5 for resource type controls, and AZ 6 for data controls.

References:

OWASP SCP OWASP ASVS OWASP AppSensor CAPEC SAFECODE
81 4.1 ACE1 122 8
85 4.2 ACE2 10
86 4.3 ACE3 11
131 4.4 ACE4
15.7



« Previous Card | Authorization | Next Card »
Retrieved from "https://wiki.owasp.org/index.php?title=Cornucopia_-_Ecommerce_Website_-_AZ_7&oldid=207098"