This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Cornucopia - Ecommerce Website - AZ 8

From OWASP
Revision as of 15:00, 21 January 2016 by Dariodf (talk | contribs) (Created page with "{{DISPLAYTITLE:<span style="padding:2px 5px 0px 5px;color:white;background:#d9c049;">Cornucopia - Ecommerce Website - AZ 8</span>}} File:Cornucopia_-_Ecommerce_Website_AZ_8....")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Cornucopia - Ecommerce Website AZ 8.png

Suit: Authorization

Card/Value: 8

Description:

Tom can bypass business rules by altering the usual process sequence or flow, or by undertaking the process in the incorrect order, or by manipulating date and time values used by the application, or by using valid features for unintended purposes, or by otherwise manipulating control data.

Technical Note:

Do not make assumptions about the order or previous actions of a user. Re-perform authorization checks at each and every step.

References:

OWASP SCP OWASP ASVS OWASP AppSensor CAPEC SAFECODE
10 4.1 ACE3 25 8
32 4.2 39 10
93 4.3 74 11
94 4.4 162 12
189 15.1 166
15.2 207
15.3
15.8


« Previous Card | Authorization | Next Card »