Cornucopia - Ecommerce Website - AZ 7
From OWASP. Revision as of 15:00, 21 January 2016 by Dariodf.
Suit: Authorization
Card/Value: 7
Description:
Yuanjing can access application functions, objects, or properties he is not authorized to access.
Technical Note:
Implement least privilege, and restrict users to only the functionality, objects and properties that are required to perform their tasks.
NB: the key concept for this card is applying function/object/property authorization controls. See AZ 5 for resource type controls, and AZ 6 for data controls.
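The three controls this card names, as an added example that is not code from the Cornucopia project: a hypothetical ecommerce order service (the `User`, `Order` and `OrderService` classes and all sample data are constructed here) that enforces function-level, object-level and property-level authorization inside the code path itself rather than in the UI.

```python
from dataclasses import dataclass
class Forbidden(Exception):
    """Actor lacks a function-, object- or property-level permission."""
@dataclass(frozen=True)
class User:
    user_id: int
    roles: frozenset = frozenset()

@dataclass
class Order:
    order_id: int
    owner_id: int
    total: float
    status: str = "placed"
    shipping_address: str = ""

# Property-level control: the order fields each role may modify.
WRITABLE = {"customer": {"shipping_address"}, "staff": {"shipping_address", "status", "total"}}
class OrderService:
    def __init__(self, orders):
        self._orders = {o.order_id: o for o in orders}

    def get_order(self, actor: User, order_id: int) -> Order:
        # Object-level control: the id is client-supplied, so ownership is checked
        # against server-side data; missing and foreign ids raise the same error.
        order = self._orders.get(order_id)
        if order is None or (order.owner_id != actor.user_id and "staff" not in actor.roles):
            raise Forbidden("order not accessible to this user")
        return order

    def update_order(self, actor: User, order_id: int, changes: dict) -> Order:
        order = self.get_order(actor, order_id)  # object-level check first
        allowed = WRITABLE["staff" if "staff" in actor.roles else "customer"]
        denied = set(changes) - allowed
        if denied:  # reject the request instead of silently dropping fields
            raise Forbidden(f"properties not writable: {sorted(denied)}")
        for name, value in changes.items():
            setattr(order, name, value)
        return order

    def refund_order(self, actor: User, order_id: int) -> Order:
        # Function-level control: enforced in the function, not only by hiding the button.
        if "staff" not in actor.roles:
            raise Forbidden("refund requires the staff role")
        order = self.get_order(actor, order_id)
        order.status = "refunded"
        return order
ALICE, BOB, CLERK = User(1), User(2), User(3, frozenset({"staff"}))  # constructed sample users
SERVICE = OrderService([Order(100, owner_id=1, total=49.99)])  # constructed sample order
```

A customer who is not the owner, a customer editing a staff-only field, and a customer calling refund are all refused with the same exception type, so the caller learns nothing about which check failed.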
References:
| OWASP SCP | OWASP ASVS | OWASP AppSensor | CAPEC | SAFECODE |
|---|---|---|---|---|
| 81 | 4.1 | ACE1 | 122 | 8 |
| 85 | 4.2 | ACE2 | 10 | |
| 86 | 4.3 | ACE3 | 11 | |
| 131 | 4.4 | ACE4 | | |
| | 15.7 | | | |